Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2025-11-04
CVE-2025-12156 - All In One Plugin
The Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_post_data() function in versions 2.0.7 to 2.2.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create and publish arbitrary posts.
PLUGIN
All In One
CVE-2025-12156
Risk Score
Threat Entry
Updated 2025-04-29
CVE-2025-3300 - All In One Plugin
The WPMasterToolKit (WPMTK) – All in one plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.5.2. This makes it possible for authenticated attackers, with Administrator-level access and above, to read and modify the contents of arbitrary files on the server, which can contain sensitive information.
PLUGIN
All In One
CVE-2025-3300
Risk Score
Threat Entry
Updated 2025-08-09
CVE-2023-6812 - All In One Plugin
The WP Compress – Image Optimizer [All-In-One plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 6.20.01. This is due to insufficient validation on the redirect url supplied via the 'css' parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.
PLUGIN
All In One
CVE-2023-6812
Risk Score