CVE-2021-25037

MEDIUM EXPLOITED

All in One SEO WordPress <4.1.5.3 - Authenticated SQL Injection

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2021-25037 has been observed exploited in the wild (reported by VulnCheck KEV).

Description

The All in One SEO WordPress plugin before 4.1.5.3 is affected by an authenticated SQL injection issue, which was discovered during an internal audit by the Jetpack Scan team, and could grant attackers access to privileged information from the affected site’s database (e.g., usernames and hashed passwords).

Scores

CVSS v3 6.5
EPSS 0.0129
EPSS Percentile 67.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

VulnCheck KEV 2021-12-14
CWE
CWE-89
Status published
Products (1)
aioseo/all_in_one_seo < 4.1.5.3
Published Jan 17, 2022
Tracked Since Feb 18, 2026