34 matches found
AiOS
No d...
EUVD-2022-51699
Malicious code in bioql PyPI...
CVE-2022-4097
The All-In-One Security AIOS WordPress plugin before 5.0.8 is susceptible to IP Spoofing attacks, which can lead to bypassed security features like IP blocks, rate limiting, brute force protection, and more...
CVE-2022-4346
The All-In-One Security AIOS WordPress plugin before 5.1.3 leaked settings of the plugin publicly, including the used email address...
aana (>=0.2.1 <=0.2.2.2), aios-core (>=0.0.1b1 <=0.0.1b2) +63 more potentially affected by CVE-2025-30165 via vllm (>=0.5.3.post1 <=0.9.2)
vllm PYPI version =0.5.3.post1, =0.2.1, =0.0.1b1, =0.2.2, =0.1.0, =0.1.15, =0.2.13, =0.1.0, =0.1.0, =0.0.2, =0.1.1, =0.1.1, =0.0.2, =1.1.4, =1.1.5 - expert-score =0.0.1 and more Source cves: CVE-2025-30165 Source advisory: SNYK:PYTHON-VLLM-10116727...
aana (>=0.2.1 <=0.2.2.2), acai-swarm (=0.1.0) +214 more potentially affected by CVE-2024-11041 via vllm (>=0.10.0 <=0.9.2)
vllm PYPI version =0.10.0, =0.2.1, =1.2.1, =0.0.0, =2.3.5, =0.0.7, =0.0.1b1, =0.1.15, =0.2.4, =1.0.0, =1.0.14 and more Source cves: CVE-2024-11041 Source advisory: SNYK:PYTHON-VLLM-9513025...
agenta (>=0.14.1a0 <=0.14.7a1), agentic-devops (>=0.0.5 <=0.0.9) +73 more potentially affected by CVE-2024-5710 via litellm (>=0.11.1 <=1.40.13)
litellm PYPI version =0.11.1, =0.14.1a0, =0.0.5, =0.2.0, =0.29.0, =0.1.5, =0.1.0, =1.3.0, =0.1.0, =0.0.1, =0.0.0, =0.114.0, =0.0.1, =0.0.2 and more Source cves: CVE-2024-5710 Source advisory: OSV:GHSA-QQCV-VG9F-5RR3...
agentic-devops (>=0.0.5 <=0.0.9), aiconsole (>=0.2.0 <=0.2.13) +67 more potentially affected by CVE-2024-5225 via litellm (>=0.11.1 <=1.38.8)
litellm PYPI version =0.11.1, =0.0.5, =0.2.0, =0.29.0, =0.1.5, =1.3.0, =0.1.0, =0.0.1, =0.0.0, =0.114.0, =0.0.1, =0.6.3, =4.5.263, =4.6.221 and more Source cves: CVE-2024-5225 Source advisory: OSV:GHSA-H6M6-JJ8V-94JJ...
CVE-2023-52147 WordPress All-In-One Security (AIOS) plugin <= 5.2.4 - Secret Login Page Location Disclosure on Multisites vulnerability
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in All In One WP Security & Firewall Team All In One WP Security & Firewall allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects All In One WP Security & Firewall: from n/a through 5.2.4...
All In One WP Security < 5.2.7 - Cross-Site Request Forgery to IP Blocking
Description The All-In-One Security AIOS – Security and Firewall plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.2.6. This is due to missing or incorrect nonce validation on the render404detection function. This makes it possible for...
CVE-2024-30468 WordPress All-In-One Security (AIOS) – Security and Firewall plugin <= 5.2.6 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in All In One WP Security & Firewall Team All In One WP Security & Firewall. This issue affects All In One WP Security & Firewall: from n/a through 5.2.6...
CVE-2024-1037
The All-In-One Security AIOS – Security and Firewall plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 5.2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
Cross site scripting
The All-In-One Security AIOS – Security and Firewall plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 5.2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
CVE-2024-1037 All-In-One Security (AIOS) – Security and Firewall <= 5.2.5 - Reflected Cross-Site Scripting
The All-In-One Security AIOS – Security and Firewall plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 5.2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
CVE-2024-1037
The CVE-2024-1037 entry concerns All-In-One Security (AIOS) for WordPress, affecting versions up to 5.2.5. The vulnerability is a Reflected Cross-Site Scripting via the tab parameter caused by insufficient input sanitization and output escaping, enabling unauthenticated attackers to inject web sc...
AIOS WordPress Plugin Faces Backlash for Storing User Passwords in Plaintext
All-In-One Security AIOS, a WordPress plugin installed on over one million sites, has issued a security update after a bug introduced in version 5.1.9 of the software caused users' passwords being added to the database in plaintext format. "A malicious site administrator i.e. a user already logge...
All-In-One Security (AIOS) – Security and Firewall < 5.2.0 - Insecure Storage of Password
The plugin stores the password inside the database as plaintext allowing administrators to obtain access to user's passwords...
CVE-2023-0157
The All-In-One Security AIOS WordPress plugin before 5.1.5 does not escape the content of log files before outputting it to the plugin admin page, allowing an authorized user admin+ to plant bogus log files containing malicious JavaScript code that will be executed in the context of any...