All In One SEO Plugin Flaw Exposes AI Token to Low-Privilege WordPress Users

A critical security vulnerability in the All In One SEO plugin for WordPress has been disclosed, allowing low-privileged users to access a site-wide AI token. This flaw poses risks of AI token misuse, service depletion, and potential resource costs for over 3 million websites.

Keypoints

  • The vulnerability affects the popular All In One SEO plugin used on over 3 million WordPress sites.
  • A missing permission check in the REST API endpoint allowed low-privilege users to access sensitive AI data.
  • The exposed AI access token could be misused for unauthorized content generation and resource exhaustion.
  • The flaw was fixed in version 4.9.3, which hardened the API routes to prevent token exposure.
  • Site owners are advised to update the plugin promptly and regularly maintain their WordPress security measures.
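
The missing capability check described in the key points, sketched as an added example that is not All In One SEO's code. The `example-seo/v1` namespace, the routes, the `example_seo_ai_token` option and the choice of `manage_options` are assumptions, and the weak route assumes the gap took the form of a login-only check.

```php
<?php
// Added illustration: hypothetical plugin code, not the plugin's real source.
// Namespace, routes, option name and capability are all assumptions.

add_action( 'rest_api_init', function () {

    // Weak form: the callback only confirms the caller is logged in.
    // Any authenticated account, including the lowest roles, passes,
    // and the handler returns the site-wide token.
    register_rest_route( 'example-seo/v1', '/ai/token-weak', array(
        'methods'             => 'GET',
        'callback'            => 'example_seo_get_ai_token',
        'permission_callback' => function () {
            return is_user_logged_in();
        },
    ) );

    // Hardened form: require an administrative capability before the
    // handler runs, and have the handler report state, not the secret.
    register_rest_route( 'example-seo/v1', '/ai/status', array(
        'methods'             => 'GET',
        'callback'            => 'example_seo_get_ai_status',
        'permission_callback' => function () {
            return current_user_can( 'manage_options' );
        },
    ) );
} );

// Handler behind the weak route: hands the stored token to the caller.
function example_seo_get_ai_token() {
    return rest_ensure_response( array(
        'token' => get_option( 'example_seo_ai_token' ),
    ) );
}

// Handler behind the hardened route: even an authorised caller only
// learns whether a token is configured, never its value.
function example_seo_get_ai_status() {
    return rest_ensure_response( array(
        'connected' => (bool) get_option( 'example_seo_ai_token' ),
    ) );
}
```

When reviewing a plugin for this class of bug, list every `register_rest_route` call and confirm each `permission_callback` maps to a capability appropriate for the data the handler returns.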

Read More: https://thecyberexpress.com/all-in-one-seo-wordpress-ai-token/