Title: Missing Authorization vulnerability Last modified: September 26, 2025 --- # Missing Authorization vulnerability * Resolved [Dominik Kozmáli](https://wordpress.org/support/users/dominokozmali/) * (@dominokozmali) * [8 months, 2 weeks ago](https://wordpress.org/support/topic/missing-authorization-vulnerability/) * Hello, * I just received a notification from the Wordfence security plugin that there is a Missing Authorization security vulnerability in your All In One SEO Pack <= 4.8.7 plugin. * I am also sending a link to more details about the error: [https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/all-in-one-seo-pack/all-in-one-seo-pack-487-missing-authorization](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/all-in-one-seo-pack/all-in-one-seo-pack-487-missing-authorization) * Thank you very much for solving the problem 🙂 * The page I need help with: _[[log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fmissing-authorization-vulnerability%2F%3Foutput_format%3Dmd&locale=en_US) to see the link]_ Viewing 9 replies - 1 through 9 (of 9 total) * Plugin Support [Steve M](https://wordpress.org/support/users/wpsmort/) * (@wpsmort) * [8 months, 2 weeks ago](https://wordpress.org/support/topic/missing-authorization-vulnerability/#post-18658330) * Hi [@dominokozmali](https://wordpress.org/support/users/dominokozmali/), * We’ve already deployed a fix for this in AIOSEO version 4.8.7 and are currently waiting on Patchstack to verify and confirm the fix. We’ll keep you updated, but this should already have been addressed. * This vulnerability also hasn’t been exploited by anyone and can only be executed by someone who already has a login to your website * Thread Starter [Dominik Kozmáli](https://wordpress.org/support/users/dominokozmali/) * (@dominokozmali) * [8 months, 2 weeks ago](https://wordpress.org/support/topic/missing-authorization-vulnerability/#post-18658645) * Hi Steve [@wpsmort](https://wordpress.org/support/users/wpsmort/) , * I have updated the plugin to the latest version 4.8.7 but unfortunately it still shows me the security message. Even after a new re-scan Wordfence: * The Plugin “All in One SEO” has a security vulnerability. * Type: Plugin VulnerableFound ound 27. 09. 2025 04:28 * Critical * Plugin Name: All in One SEO * Current Plugin Version: 4.8.7 * Details: To protect your site from this vulnerability, the safest option is to deactivate and completely remove “All in One SEO” until a patched version is available. Get more information.(opens in new tab) * Repository URL:View(opens in new tab) * Vulnerability Information:View(opens in new tab) * Vulnerability Severity: 5.4/10.0 (Medium) * [rsb1234](https://wordpress.org/support/users/rsb1234/) * (@rsb1234) * [8 months, 1 week ago](https://wordpress.org/support/topic/missing-authorization-vulnerability/#post-18660886) * Following * [skylerdynedge](https://wordpress.org/support/users/skylerdynedge/) * (@skylerdynedge) * [8 months, 1 week ago](https://wordpress.org/support/topic/missing-authorization-vulnerability/#post-18660897) * Also seeing this issue in ManageWP on multiple websites. Commenting so I can be kept up to date on this issue. Thank you. * Plugin Support [Steve M](https://wordpress.org/support/users/wpsmort/) * (@wpsmort) * [8 months, 1 week ago](https://wordpress.org/support/topic/missing-authorization-vulnerability/#post-18661073) * Hi [@dominokozmali](https://wordpress.org/support/users/dominokozmali/), * We’ve already deployed a fix for this vulnerability in AIOSEO version 4.8.7, and we reported this to Patchstack. We’ve been waiting on Patchstack to verify and confirm the fix.  * We followed up with Patchstack again last week, but it’s up to them to update their vulnerability database to mark this as patched. Until they do this, it’ll incorrectly appear as vulnerable in any security plugin or tool until they’ve updated their database. * Again, this vulnerability has already been patched, and if you’re on AIOSEO v4.8.7 or later then you’re protected, and you can safely ignore any warning about this. This vulnerability also hasn’t been exploited by anyone and can only be executed by someone who already has a login to your website. * I hope this helps!  * [Nico Demus](https://wordpress.org/support/users/nicodemusy2k/) * (@nicodemusy2k) * [8 months, 1 week ago](https://wordpress.org/support/topic/missing-authorization-vulnerability/#post-18662536) * It would probably be faster if you just rolled a few minor fixes… nothing major, into a new update 4.8.8 and revisited the “Missing Authorization” issue, clearly stating that it’s been (already in 4.8.7) resolved. From a compliance and liability standpoint, site operators really have no choice but to disable your add-on once the version number is flagged. It’s pretty rare for a CVE to be retroactively adjusted in that regard. * Thread Starter [Dominik Kozmáli](https://wordpress.org/support/users/dominokozmali/) * (@dominokozmali) * [8 months, 1 week ago](https://wordpress.org/support/topic/missing-authorization-vulnerability/#post-18662962) * [@nicodemusy2k](https://wordpress.org/support/users/nicodemusy2k/) – I agree, I thought they would solve it that way. Because it’s the standard solution. * Plugin Support [Prabhat](https://wordpress.org/support/users/prabhatrai/) * (@prabhatrai) * [8 months ago](https://wordpress.org/support/topic/missing-authorization-vulnerability/#post-18671862) * Hi [@dominokozmali](https://wordpress.org/support/users/dominokozmali/) [@nicodemusy2k](https://wordpress.org/support/users/nicodemusy2k/) [@skylerdynedge](https://wordpress.org/support/users/skylerdynedge/) [@rsb1234](https://wordpress.org/support/users/rsb1234/), * I’m happy to confirm that Patchstack has now officially verified and marked this vulnerability as fixed. * You can see their update here: * [https://patchstack.com/database/wordpress/plugin/all-in-one-seo-pack/vulnerability/wordpress-all-in-one-seo-pack-plugin-4-8-7-sensitive-data-exposure-vulnerability](https://patchstack.com/database/wordpress/plugin/all-in-one-seo-pack/vulnerability/wordpress-all-in-one-seo-pack-plugin-4-8-7-sensitive-data-exposure-vulnerability) * Please make sure you’ve updated to AIOSEO version 4.8.7.2. * Feel free to let me know if you have any other questions. I’m here to help. * Thread Starter [Dominik Kozmáli](https://wordpress.org/support/users/dominokozmali/) * (@dominokozmali) * [8 months ago](https://wordpress.org/support/topic/missing-authorization-vulnerability/#post-18672740) * Yes I confirm that the security warning is no longer displayed even by wordfence. * I mark this case as solved 🙂 * Thank you Viewing 9 replies - 1 through 9 (of 9 total) The topic ‘Missing Authorization vulnerability’ is closed to new replies. * ![](https://ps.w.org/all-in-one-seo-pack/assets/icon.svg?rev=2443290) * [All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic](https://wordpress.org/plugins/all-in-one-seo-pack/) * [Frequently Asked Questions](https://wordpress.org/plugins/all-in-one-seo-pack/#faq) * [Support Threads](https://wordpress.org/support/plugin/all-in-one-seo-pack/) * [Active Topics](https://wordpress.org/support/plugin/all-in-one-seo-pack/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/all-in-one-seo-pack/unresolved/) * [Reviews](https://wordpress.org/support/plugin/all-in-one-seo-pack/reviews/) * 14 replies * 5 participants * Last reply from: [Dominik Kozmáli](https://wordpress.org/support/users/dominokozmali/) * Last activity: [8 months ago](https://wordpress.org/support/topic/missing-authorization-vulnerability/#post-18672740) * Status: resolved