33 matches found
CVE-2026-8438
The All-In-One Security (AIOS) WordPress plugin (versions up to and including 5.4.7) is affected by a Stored Cross-Site Scripting vulnerability. The root cause is insufficient input sanitization in get_rest_route() and missing output escaping in the debug log’s column_default() when the admin das...
AiOS
No d...
EUVD-2022-51699
Malicious code in bioql PyPI...
CVE-2022-4097
The All-In-One Security AIOS WordPress plugin before 5.0.8 is susceptible to IP Spoofing attacks, which can lead to bypassed security features like IP blocks, rate limiting, brute force protection, and more...
CVE-2022-4346
The All-In-One Security AIOS WordPress plugin before 5.1.3 leaked settings of the plugin publicly, including the used email address...
aana (>=0.2.1 <=0.2.2.2), aios-core (>=0.0.1b1 <=0.0.1b2) +64 more potentially affected by CVE-2025-30165 via vllm (>=0.5.3.post1 <=0.9.2)
vllm PYPI version =0.5.3.post1, =0.2.1, =0.0.1b1, =0.2.2, =0.1.0, =0.1.15, =0.2.13, =0.1.0, =0.1.0, =0.0.2, =0.1.1, =0.1.1, =0.0.2, =1.1.4, =1.1.5 - expert-score =0.0.1 and more Source cves: CVE-2025-30165 Source advisory: SNYK:PYTHON-VLLM-10116727...
aana (>=0.2.1 <=0.2.2.2), acai-swarm (=0.1.0) +218 more potentially affected by CVE-2024-11041 via vllm (>=0.10.0 <=0.9.2)
vllm PYPI version =0.10.0, =0.2.1, =1.2.1, =0.0.0, =2.3.5, =0.0.7, =0.0.1b1, =0.1.15, =0.2.4, =1.0.0, =1.0.14 and more Source cves: CVE-2024-11041 Source advisory: SNYK:PYTHON-VLLM-9513025...
CVE-2023-52147 WordPress All-In-One Security (AIOS) plugin <= 5.2.4 - Secret Login Page Location Disclosure on Multisites vulnerability
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in All In One WP Security & Firewall Team All In One WP Security & Firewall allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects All In One WP Security & Firewall: from n/a through 5.2.4...
All In One WP Security < 5.2.7 - Cross-Site Request Forgery to IP Blocking
Description: The All-In-One Security AIOS – Security and Firewall plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.2.6. This is due to missing or incorrect nonce validation on the render404detection function. This makes it possible for...
CVE-2024-30468 WordPress All-In-One Security (AIOS) – Security and Firewall plugin <= 5.2.6 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in All In One WP Security & Firewall Team All In One WP Security & Firewall. This issue affects All In One WP Security & Firewall: from n/a through 5.2.6...
CVE-2024-1037
The All-In-One Security AIOS – Security and Firewall plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 5.2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
Cross site scripting
The All-In-One Security AIOS – Security and Firewall plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 5.2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
CVE-2024-1037
The CVE-2024-1037 entry concerns All-In-One Security (AIOS) for WordPress, affecting versions up to 5.2.5. The vulnerability is a Reflected Cross-Site Scripting via the tab parameter caused by insufficient input sanitization and output escaping, enabling unauthenticated attackers to inject web sc...
CVE-2024-1037 All-In-One Security (AIOS) – Security and Firewall <= 5.2.5 - Reflected Cross-Site Scripting
The All-In-One Security AIOS – Security and Firewall plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 5.2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
AIOS WordPress Plugin Faces Backlash for Storing User Passwords in Plaintext
All-In-One Security (AIOS), a WordPress plugin installed on over one million sites, has issued a security update after a bug introduced in version 5.1.9 of the software caused users' passwords to be added to the database in plaintext format. "A malicious site administrator i.e. a user already logge...
All-In-One Security (AIOS) – Security and Firewall < 5.2.0 - Insecure Storage of Password
The plugin stores the password inside the database as plaintext allowing administrators to obtain access to user's passwords...
CVE-2023-0157
The All-In-One Security (AIOS) WordPress plugin before 5.1.5 does not escape the content of log files before outputting it to the plugin admin page, allowing an authorized user (admin+) to plant bogus log files containing malicious JavaScript code that will be executed in the context of any...
Code injection
The All-In-One Security (AIOS) WordPress plugin before 5.1.5 does not escape the content of log files before outputting it to the plugin admin page, allowing an authorized user (admin+) to plant bogus log files containing malicious JavaScript code that will be executed in the context of any...