A newly disclosed security vulnerability in the All in One SEO (AIOSEO) WordPress plugin has put more than 3 million websites at risk by exposing a site-wide AI access token to low-privileged users.
The flaw, which affects all versions up to 4.9.2, allows users with Contributor-level access or higher to retrieve the plugin’s global AI token through an improperly secured REST API endpoint. While the vulnerability does not enable code execution, it creates significant risks related to unauthorized AI usage and resource depletion.
Why This Vulnerability Matters
All in One SEO is one of the most widely installed SEO plugins in the WordPress ecosystem, offering features such as metadata management, XML sitemaps, structured data, and a growing suite of AI-powered tools for content and image generation.
Those AI features rely on a single site-wide access token that authorizes communication with AIOSEO’s external AI services. Exposure of that token effectively grants control over the site’s AI usage.
The Root Cause: Missing Permission Checks
According to security researchers, the issue stems from a missing capability check on a specific REST API endpoint used by the plugin:
This endpoint is intended to return information about AI usage and remaining credits. However, it failed to verify whether the requesting user had sufficient permissions to access that data.
As a result, any authenticated user with Contributor-level access or above could retrieve the global AI access token—despite Contributors being one of the lowest-privilege roles in WordPress.
What Attackers Could Do With the Token
Although the vulnerability does not allow attackers to directly alter site code, exposing a site-wide AI token introduces meaningful risk:
1. Unauthorized AI Usage
An attacker could use the token to generate AI content under the site’s account, consuming credits or triggering unexpected usage.
2. Resource Depletion
Automated requests using the leaked token could exhaust the site’s AI quota, preventing administrators from using the plugin’s AI tools and potentially causing billing or service disruptions.
In environments where multiple contributors are granted access—such as multi-author blogs or agencies—this risk is amplified.
Part of a Larger Security Pattern
This incident is not isolated. Security reports indicate that AIOSEO has had six vulnerabilities disclosed in 2025 alone, many of them involving insufficient authorization checks for low-privilege users.
Reported issues over the past year include:
- Sensitive data exposure
- Missing authorization checks
- SQL injection
- Arbitrary media deletion
- Stored cross-site scripting (XSS)
For context, other major WordPress SEO plugins reported fewer vulnerabilities during the same period, raising concerns about recurring permission enforcement issues within AIOSEO’s codebase.
How the Issue Was Fixed
The vulnerability affects all versions up to and including 4.9.2 and was addressed in version 4.9.3.
The official changelog notes that the update:
“Hardened API routes to prevent AI access token from being exposed.”
This fix aligns directly with the missing capability check identified in the REST API endpoint.
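To make the root cause and the fix concrete, here is an added PHP illustration of the bug class described above; it is not AIOSEO's code, and the namespace, route, option key and function names are constructed placeholders, not the plugin's real endpoint. It shows a REST route for AI usage that lacks a capability check and returns the token, beside a hardened version that requires an admin capability and never returns the token at all.

```php
<?php
// Added illustration (not AIOSEO's code): a hypothetical REST route that
// reports AI usage, first with a missing permission check, then hardened.
// Namespace, route, option key and function names are constructed.

// BEFORE: permission_callback accepts every request, so any logged-in
// user (a Contributor included) can read the site-wide token.
function example_register_ai_usage_route_unsafe() {
    register_rest_route( 'example-seo/v1', '/ai/usage', array(
        'methods'             => WP_REST_Server::READABLE,
        'callback'            => 'example_ai_usage_response_unsafe',
        'permission_callback' => '__return_true',
    ) );
}
function example_ai_usage_response_unsafe( WP_REST_Request $request ) {
    $settings = get_option( 'example_seo_ai_settings', array() );
    return rest_ensure_response( array(
        'credits_remaining' => $settings['credits'] ?? 0,
        'access_token'      => $settings['access_token'] ?? '', // leaked
    ) );
}

// AFTER: require an admin-level capability and stop returning the token.
function example_register_ai_usage_route() {
    register_rest_route( 'example-seo/v1', '/ai/usage', array(
        'methods'             => WP_REST_Server::READABLE,
        'callback'            => 'example_ai_usage_response',
        'permission_callback' => 'example_ai_usage_permission',
    ) );
}
function example_ai_usage_permission( WP_REST_Request $request ) {
    // Contributors, Authors and Editors do not hold manage_options.
    if ( ! current_user_can( 'manage_options' ) ) {
        return new WP_Error( 'rest_forbidden', 'Insufficient permissions.',
            array( 'status' => rest_authorization_required_code() ) );
    }
    return true;
}
function example_ai_usage_response( WP_REST_Request $request ) {
    $settings = get_option( 'example_seo_ai_settings', array() );
    // Only the usage figures leave the server; the token stays server-side
    // and is used there to call the external AI service.
    return rest_ensure_response( array(
        'credits_remaining' => (int) ( $settings['credits'] ?? 0 ),
    ) );
}
add_action( 'rest_api_init', 'example_register_ai_usage_route' );
```

When reviewing a plugin's routes, the two things to check are that every `register_rest_route` call has a `permission_callback` that actually tests a capability (not `__return_true`), and that the response body contains no secret the client does not need.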
What Site Owners Should Do Now
If you are running All in One SEO:
- Update immediately to version 4.9.3 or newer
- Review all user roles, especially Contributor-level accounts
- Limit access on sites with external writers or partners
- Monitor AI usage and credit consumption for unusual activity
Sites that rely heavily on AI features—or that grant access to multiple low-privilege users—should treat this as a high-priority update.
The Bigger Takeaway
As WordPress plugins increasingly integrate AI services, access control and token security become critical attack surfaces. Even without traditional exploits like code execution, exposed credentials can create financial, operational, and reputational risk.
For site owners, this incident underscores the importance of:
- Keeping plugins up to date
- Auditing user roles regularly
- Treating AI credentials with the same care as API keys or payment tokens