
A concerning security issue has surfaced. It impacts the All in One SEO (AIOSEO) plugin for WordPress. This flaw could allow unauthorized access to AI tokens on over 3 million websites. Let’s delve into what this means for you and your site’s security.
The vulnerability lets low-privilege logged-in users (Contributor and above) read a credential that should be visible only to administrators, and with it misuse the plugin's AI capabilities. That can mean unwanted content generated under your site's account or your AI credits consumed, all on your dime. Understanding the details is vital to protecting your WordPress site.
Here’s a breakdown of the vulnerability, how it works, and most importantly, what you need to do to secure your site right now.
What is All in One SEO (AIOSEO)?
All in One SEO is a popular WordPress plugin. It’s designed to improve your website’s search engine optimization (SEO). Site owners depend on it to handle tasks like managing metadata and creating XML sitemaps. It has tools powered by AI that help with creating content such as writing titles, descriptions, blog posts, FAQs, and social media posts. Plus, it helps generate images.
The plugin boasts over 3 million installations, making it one of the most widespread SEO tools for WordPress. Its AI features rely on a site-wide AI access token to communicate with AIOSEO’s external AI services.
Details of the AIOSEO Vulnerability
The vulnerability stems from a missing permission check on a specific REST API endpoint within the AIOSEO plugin. It allows users with Contributor-level access to read the site-wide (global) AI access token. Contributor is the lowest built-in WordPress role that can write posts: it cannot publish them, cannot upload files and has no access to plugin settings, so it should never be able to see a site-wide credential.
All versions of AIOSEO up to and including version 4.9.2 are affected. If you’re running any of these versions, your site is vulnerable.
How the Vulnerability Works
The core issue is a missing capability check on the /aioseo/v1/ai/credits REST API endpoint. The endpoint reports AI usage and credit balances, but the route did not verify that the caller held a capability appropriate for that data, and its response included the global AI access token.
The WordPress REST API exposes site data and functionality at URLs under /wp-json/. Every route registered with register_rest_route() is expected to declare a permission_callback, which runs before the route's handler and decides who may call it; without an effective callback, the handler runs for any caller the REST server authenticates. That check was absent on this route.
Because of this oversight, anyone logged in with Contributor-level access (or higher) could call the endpoint and retrieve the site's global AI access token from the response.
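To make the missing-check pattern concrete, here is an added illustration of the same REST route registered without and with an effective permission check. It is not AIOSEO's own source, which the post does not show: the namespace and path follow the post, while the handler names, option names and the 'manage_options' capability are assumptions. Whether the real route omitted its permission_callback entirely or declared a permissive one is not stated on the page; for a Contributor the two behave the same way.

```php
<?php
// Added illustration (not AIOSEO's own source): one route registered without and
// with an effective permission check. Route namespace and path follow the post;
// the handler names, option names and the 'manage_options' capability are
// assumptions standing in for whatever the plugin actually uses.

add_action( 'rest_api_init', function () {

    // VULNERABLE pattern. '__return_true' satisfies WordPress's requirement that
    // a permission_callback exist, but it admits every caller, so a Contributor
    // (or anyone else the REST server authenticates) receives the response.
    register_rest_route( 'aioseo/v1', '/ai/credits-vulnerable', array(
        'methods'             => WP_REST_Server::READABLE,
        'callback'            => 'example_ai_credits_vulnerable',
        'permission_callback' => '__return_true',
    ) );

    // HARDENED pattern. The permission_callback runs before the handler and
    // rejects callers without the capability, so the handler (and the secret it
    // reads) is never reached for them.
    register_rest_route( 'aioseo/v1', '/ai/credits-hardened', array(
        'methods'             => WP_REST_Server::READABLE,
        'callback'            => 'example_ai_credits_hardened',
        'permission_callback' => function ( WP_REST_Request $request ) {
            if ( ! current_user_can( 'manage_options' ) ) {
                return new WP_Error(
                    'rest_forbidden',
                    'You are not allowed to view AI credit information.',
                    // 401 for anonymous callers, 403 for authenticated ones.
                    array( 'status' => rest_authorization_required_code() )
                );
            }
            return true;
        },
    ) );
} );

// Unhardened handler: echoes the site-wide credential to whoever reached it.
function example_ai_credits_vulnerable( WP_REST_Request $request ) {
    return rest_ensure_response( array(
        'credits_remaining' => (int) get_option( 'example_ai_credits', 0 ),
        'access_token'      => get_option( 'example_ai_access_token', '' ), // the leak
    ) );
}

// Hardened handler: even an authorised caller gets usage figures only. Keeping
// the raw token out of every response means that a future permission bug on
// this route would leak a number, not a credential.
function example_ai_credits_hardened( WP_REST_Request $request ) {
    return rest_ensure_response( array(
        'credits_remaining' => (int) get_option( 'example_ai_credits', 0 ),
        'token_configured'  => '' !== get_option( 'example_ai_access_token', '' ),
    ) );
}
```

Two separate defences are at work in the hardened version: the permission_callback keeps low-privilege users away from the route, and the handler avoids returning the secret at all. The second one is what limits damage when the first fails, which is exactly what happened here.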
Risks of Exploiting the AIOSEO Vulnerability
Exposing the AI token to low-privilege users poses significant risks. These tokens act as site-wide credentials for AI requests. Compromising one could lead to serious problems.
- Unauthorized AI Usage: An attacker could use the token to generate AI content through your site’s account. This burns through your credits or usage limits.
- Service Depletion: An attacker could automate requests. This exhausts your AI quota and prevents you from using the AI features. It effectively creates a denial of service for the AI tools.
Even without direct code execution, a leaked API token can lead to unexpected charges and wasted resources.
AIOSEO Vulnerabilities: A Recurring Problem?
This isn’t an isolated incident. All In One SEO has a history of vulnerabilities related to authorization and low-privilege access. There were six vulnerabilities disclosed in 2025 alone. Many allowed contributor or subscriber-level users to access or modify data they shouldn’t have.
These past issues include SQL injection, information disclosure, and missing authorization checks. The common thread is improper permission enforcement for low-privilege users. This is the same flaw that led to the AI token exposure.
To put this in perspective, Yoast SEO had zero vulnerabilities in 2025. RankMath had four, and Squirrly SEO had three. Six vulnerabilities in a year is a high number for an SEO plugin.
How the AIOSEO Vulnerability Was Fixed
The vulnerability is resolved in AIOSEO version 4.9.3. The official changelog describes the fix as “Hardened API routes to prevent AI access token from being exposed”.
This change directly addresses the REST API flaw identified by Wordfence. Update to this version (or newer) to protect your site.
What WordPress Site Owners Should Do
The most important step is to update to AIOSEO version 4.9.3 or newer immediately. Go to your WordPress dashboard and update the plugin.
Sites with multiple contributors should be especially vigilant. Low-privilege accounts could have read the AI token on vulnerable versions, and updating does not undo a read that already happened. Review your AI credit usage for unexplained consumption, and treat the token as potentially exposed.
Need help securing your website? Our team offers AI-driven SEO services in Pakistan to help you keep up with the latest advancements.
FAQs
What is an AI access token?
An AI access token is like a password. It allows the AIOSEO plugin to use AI services. It is used to generate content, images, and other AI-powered features. If someone steals this token, they could use your AI credits.
How do I update the AIOSEO plugin?
Log into your WordPress dashboard. Navigate to the “Plugins” section. Find “All in One SEO” and click “Update Now.” If you don’t see an update, click the “Check Again” button to refresh the plugin list.
What WordPress user roles are affected by this vulnerability?
The vulnerability matters most on sites with "Contributor" accounts, since that is the lowest role that can exploit it. Users with higher roles, such as "Author," "Editor," and "Administrator," can reach the endpoint too. Update regardless of which roles your users hold.
Is this vulnerability related to the Google’s AI Shopping Protocol?
No, this vulnerability is specific to the AIOSEO WordPress plugin. It is unrelated to Google's AI Shopping Protocol or any other Google service. The flaw is solely within the AIOSEO plugin's code.
What if I can’t update to the latest version of AIOSEO right away?
Updating is the best course of action. If you cannot update immediately, consider temporarily deactivating the AIOSEO plugin until you can. You should also review Contributor-level accounts and suspend or downgrade any you do not need until the update is complete. This reduces the window for exploitation but does not recover a token that was already read.
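If deactivating the plugin is not acceptable (sitemaps and metadata would go with it), a narrower stopgap is to block the affected route for non-administrators from a must-use plugin until the update lands. The following is an added example, not code from the post or from AIOSEO; it relies on the route path the post names and assumes 'manage_options' as the capability that should gate it.

```php
<?php
/**
 * Plugin Name: Temporary guard for the AIOSEO AI credits route
 * Description: Stopgap until AIOSEO is updated to 4.9.3 or newer. Remove after updating.
 */

// Added example, not code from the post or from AIOSEO. Save as
// wp-content/mu-plugins/aioseo-ai-route-guard.php: mu-plugins load without
// activation and cannot be switched off from the dashboard. The route path comes
// from the post; 'manage_options' is an assumption standing in for the
// capability AIOSEO actually uses for its settings.

add_filter( 'rest_request_before_callbacks', 'tmp_aioseo_guard_ai_credits', 10, 3 );

/**
 * Runs after a route is matched but before its permission_callback and handler.
 * Returning a WP_Error here makes the REST server send the error instead of
 * dispatching to the plugin's code.
 */
function tmp_aioseo_guard_ai_credits( $response, $handler, WP_REST_Request $request ) {
    // get_route() is the matched route, e.g. "/aioseo/v1/ai/credits".
    if ( '/aioseo/v1/ai/credits' !== $request->get_route() ) {
        return $response; // another route; leave it alone
    }

    if ( current_user_can( 'manage_options' ) ) {
        return $response; // administrators keep the feature
    }

    // Record the attempt so that post-update review can see who probed the route.
    error_log( sprintf(
        '[aioseo-guard] blocked %s for user %d from %s',
        $request->get_route(),
        get_current_user_id(),
        isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown'
    ) );

    return new WP_Error(
        'rest_forbidden',
        'This route is disabled pending a plugin update.',
        array( 'status' => rest_authorization_required_code() )
    );
}
```

The match is deliberately exact. The 4.9.3 changelog speaks of "API routes" in the plural, so if you suspect sibling routes under /aioseo/v1/ai/ you can widen the comparison to a prefix test, at the cost of also cutting Editors off from the AI features until you update. Either way, remove the file once 4.9.3 or newer is installed.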

1 Comment
Local SEO is changing! How to win with AI in 2026 - SERP Rankers
[…] If your website is slow, confusing, or hard to use, people will leave. This sends bad signals to AI. It can hurt your rankings and visibility. Make sure you use the best SEO practices and not get into AISEO Plugin Flaw. AISEO Plugin Flaw […]