According to Roger Montti’s article on Search Engine Journal, “All In One SEO WordPress Vulnerability Affects Over 3 Million Sites,” a newly disclosed security flaw in the All in One SEO (AIOSEO) WordPress plugin has put more than 3 million websites at potential risk, adding to a growing list of vulnerabilities associated with the plugin in 2025.
Vulnerability Overview
Montti reports that the vulnerability allows low-privileged, logged-in users (Contributor level and above) to access a site’s global AI access token, a credential used by AIOSEO to power its AI-driven features. While the flaw does not allow direct code execution, it could enable misuse of AI tools, including the generation of content or the consumption of paid AI credits without authorization.
The issue affects all versions up to and including 4.9.2 of the plugin.
What Caused the Issue
According to Wordfence, the problem stemmed from a missing capability check on a REST API endpoint (/aioseo/v1/ai/credits). That endpoint is intended to show administrators information about AI usage and remaining credits. Because the endpoint did not properly validate the caller's permissions, contributors were able to read data they should not have been able to see, specifically the site-wide AI token.
In WordPress, contributor accounts are commonly granted to guest authors or external writers, making this type of exposure particularly concerning for multi-author sites.
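To make the Wordfence description concrete in WordPress terms, here is an added illustration (not AIOSEO's own code, which this page does not show): a REST route registered with a permissive permission callback beside the same route gated by a capability check. Only the route path comes from the page; the handler, option names and the second path are hypothetical.

```php
<?php
// Added illustration, not the plugin's code. The route path is from the advisory;
// the handler, option names and the second path are hypothetical.

// Weak pattern: any logged-in user can call the endpoint because the permission
// callback answers "yes" without checking a capability. A Contributor therefore
// receives whatever the handler returns, including a shared credential.
add_action( 'rest_api_init', function () {
    register_rest_route( 'aioseo/v1', '/ai/credits', array(
        'methods'             => WP_REST_Server::READABLE,
        'callback'            => 'example_ai_credits_handler',
        'permission_callback' => '__return_true', // no capability check
    ) );
} );

// Hardened pattern: require an administrator-level capability before the
// handler runs. Lower roles get a 401/403 and never reach the code that touches
// the credential. The path is renamed only so both routes can load side by side.
add_action( 'rest_api_init', function () {
    register_rest_route( 'aioseo/v1', '/ai/credits-hardened', array(
        'methods'             => WP_REST_Server::READABLE,
        'callback'            => 'example_ai_credits_handler',
        'permission_callback' => function ( WP_REST_Request $request ) {
            if ( ! current_user_can( 'manage_options' ) ) {
                return new WP_Error(
                    'rest_forbidden',
                    __( 'You are not allowed to view AI credit usage.' ),
                    array( 'status' => rest_authorization_required_code() )
                );
            }
            return true;
        },
    ) );
} );

// Hypothetical handler. Second line of defence: even if a route is misregistered,
// the response carries only the usage figures an administrator needs, never the
// raw token itself.
function example_ai_credits_handler( WP_REST_Request $request ) {
    $token = get_option( 'example_ai_access_token', '' ); // hypothetical option
    return rest_ensure_response( array(
        'credits_remaining' => (int) get_option( 'example_ai_credits_remaining', 0 ),
        'token_configured'  => '' !== $token, // boolean, not the secret
    ) );
}
```

A quick regression check for a fix like this is to call the route as a Contributor and confirm the response is a 401 or 403 rather than a 200 with a body.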
Why It Matters
Montti explains that leaking a global AI token can lead to several practical risks:
- Unauthorized AI usage, where attackers generate content using the site’s AI quota
- Service or credit depletion, potentially preventing legitimate site owners from using AI features
- Potential billing or resource abuse, depending on how AI usage is metered
Although the vulnerability does not compromise the server directly, it exposes a credential that controls access to paid and limited services.
Part of a Larger Pattern
This incident is the sixth AIOSEO vulnerability disclosed in 2025, many of which involve improper permission handling for low-privilege users. Montti notes that this rate is unusually high for a major SEO plugin, especially when compared to competitors like Yoast, which had no reported vulnerabilities in the same period.
Fix and Recommendations
The issue was fixed in version 4.9.3, with the developers stating they “hardened API routes to prevent AI access token from being exposed.” Site owners using All in One SEO are strongly advised to update immediately, particularly if their sites allow contributor or author-level access.
As Montti’s reporting highlights, the vulnerability underscores the importance of strict permission enforcement in WordPress plugins, especially as more plugins integrate AI features tied to shared credentials.