CVE-2022-42494
CVE-2022-42494 is a low-severity vulnerability in Aioseo All In One Seo with a CVSS 3.x base score of 3.0. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-918.
Key facts
- Severity: Low (CVSS 3.x base score 3.0)
- EPSS exploit prediction: 1% (42nd percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-918
- Affected product: Aioseo All In One Seo
- Published:
- Last modified:
Description
Server Side Request Forgery (SSRF) vulnerability in All in One SEO Pro plugin <= 4.2.5.1 on WordPress.
Frequently asked questions
- What is CVE-2022-42494?
- Server Side Request Forgery (SSRF) vulnerability in All in One SEO Pro plugin <= 4.2.5.1 on WordPress.
- How severe is CVE-2022-42494?
- CVE-2022-42494 has a CVSS 3.x base score of 3.0, rated low severity. It is exploitable over network with high attack complexity, requires high privileges and no user interaction. Impact on confidentiality is low, integrity none, and availability none.
- Is CVE-2022-42494 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (42nd percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2022-42494?
- CVE-2022-42494 affects Aioseo All In One Seo. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2022-42494?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2022-42494 published?
- CVE-2022-42494 was published on 2022-11-08 and last updated on 2026-06-17.
References
- https://aioseo.com/changelog/
- https://patchstack.com/database/vulnerability/all-in-one-seo-pack-pro/wordpress-all-in-one-seo-pro-plugin-4-2-5-1-server-side-request-forgery-ssrf-vulnerability?_s_id=cve
Affected products (1)
- cpe:2.3:a:aioseo:all_in_one_seo:*:*:*:*:*:wordpress:*:*
More vulnerabilities in Aioseo All In One Seo
- CVE-2021-25036 — High (CVSS 8.8): The All in One SEO WordPress plugin before 4.1.5.3 is affected by a Privilege Escalation issue, which was discovered…
- CVE-2021-24307 — High (CVSS 8.8): The All in One SEO – Best WordPress SEO Plugin – Easily Improve Your SEO Rankings before 4.1.0.2 enables…
- CVE-2021-25037 — Medium (CVSS 6.5): The All in One SEO WordPress plugin before 4.1.5.3 is affected by an authenticated SQL injection issue, which was…
- CVE-2025-2892 — Medium (CVSS 6.4): The All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic plugin for WordPress is vulnerable…
- CVE-2024-3554 — Medium (CVSS 6.4): The All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic plugin for…
- CVE-2023-0586 — Medium (CVSS 6.4): The All in One SEO Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in…
All CVEs affecting Aioseo All In One Seo →
Other CWE-918 (Server-Side Request Forgery (SSRF)) vulnerabilities
- CVE-2026-47938 — Critical (CVSS 10.0): Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are affected by a Server-Side Request Forgery (SSRF)…
- CVE-2026-35431 — Critical (CVSS 10.0): Server-side request forgery (ssrf) in Microsoft Entra ID Entitlement Management allows an unauthorized attacker to…
- CVE-2026-32186 — Critical (CVSS 10.0): Server-side request forgery (ssrf) in Microsoft Bing allows an unauthorized attacker to elevate privileges over a…
- CVE-2026-33107 — Critical (CVSS 10.0): Server-side request forgery (ssrf) in Azure Databricks allows an unauthorized attacker to elevate privileges over a…
- CVE-2026-32871 — Critical (CVSS 10.0): FastMCP is a Pythonic way to build MCP servers and clients. Prior to version 3.2.0, the OpenAPIProvider in FastMCP…
- CVE-2026-32169 — Critical (CVSS 10.0): Server-side request forgery (ssrf) in Azure Cloud Shell allows an unauthorized attacker to elevate privileges over a…
Browse all CWE-918 (Server-Side Request Forgery (SSRF)) vulnerabilities →