CVE-2022-42494
LOWAll in One SEO Pro <= 4.2.5.1 - Server-Side Request Forgery
Title source: llmDescription
Server Side Request Forgery (SSRF) vulnerability in All in One SEO Pro plugin <= 4.2.5.1 on WordPress.
References (2)
Core 2
Core References
Third Party Advisory
https://patchstack.com/database/vulnerability/all-in-one-seo-pack-pro/wordpress-all-in-one-seo-pro-plugin-4-2-5-1-server-side-request-forgery-ssrf-vulnerability?_s_id=cve
Release Notes, Vendor Advisory
https://aioseo.com/changelog/
Scores
CVSS v3
3.0
EPSS
0.0055
EPSS Percentile
41.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-918
Status
published
Products (2)
aioseo/all_in_one_seo
< 4.2.5.1
Semper Plugins, LLC/All in One SEO Pro (WordPress plugin)
<= 4.2.5.1 - 4.2.5.1
Published
Nov 08, 2022
Tracked Since
Feb 18, 2026