Significant Security Hole Found in SEO Plugin Used by 18 Million WordPress Users

Do you host your own WordPress website? Do you use the popular All in One SEO Pack plugin?

If so, you need to update the plugin as soon as possible to the latest version.

The All in One SEO Pack plugin is a very popular choice for webmasters who wish to boost their WordPress-powered site’s position in search engine rankings. Indeed, over 18 million people have already downloaded the plugin for use on their websites.

Yesterday, the All in One SEO Pack plugin team released an emergency security update that patches two critical privilege escalation vulnerabilities and one cross-site scripting (XSS) flaw, discovered by security researchers at Sucuri, a web monitoring and malware cleanup service.

Sucuri says the reported privilege escalation vulnerabilities allow an attacker to add and modify the WordPress website’s meta information, which could harm its search engine ranking. Regarding the cross-site scripting (XSS) flaw, the researcher says the vulnerability can be exploited by malicious hackers to execute malicious JavaScript code on an administrator’s control panel.

This means that an attacker could potentially inject any JavaScript code and do things ranging from changing the admin’s account password to leaving a backdoor in your website’s files in order to conduct even more “evil” activities later.

So we recommend that users of All in One SEO Pack upgrade to the latest version, All in One SEO Pack 2.1.6, to keep their blog or site secure. Download the latest version of All in One SEO Pack.
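To confirm that every copy of the plugin on a server is at the fixed release, the check below reads the standard WordPress plugin header from each file under a plugins directory and compares its `Version:` field against 2.1.6. It is an added example, not code from the article, Sucuri or the plugin's authors; the function names and the sample file are hypothetical, the header name is assumed to match the plugin's name as written here (compared case-insensitively), and `sort -V` from GNU coreutils is assumed.

```shell
#!/bin/sh
# Added example: report All in One SEO Pack copies older than the fixed release.
FIXED_VERSION="2.1.6"               # fixed release named in the article
PLUGIN_NAME="all in one seo pack"   # assumed header name, compared case-insensitively

# version_lt A B: succeeds when dotted version A sorts strictly below B.
version_lt() {
    [ "$1" = "$2" ] && return 1
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$1" ]
}

# plugin_header FILE FIELD: print FIELD from the plugin header comment.
# Only the first 8 KiB is read, which is where WordPress looks for headers.
plugin_header() {
    head -c 8192 "$1" | tr -d '\r' |
        sed -n "s|^[[:space:]/*#@]*$2:[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$|\1|p" |
        head -n 1
}

# check_plugins_dir DIR: scan DIR/*/*.php; return 1 if any copy is outdated.
check_plugins_dir() {
    rc=0
    for file in "$1"/*/*.php; do
        [ -f "$file" ] || continue
        name=$(plugin_header "$file" 'Plugin Name' | tr '[:upper:]' '[:lower:]')
        [ "$name" = "$PLUGIN_NAME" ] || continue
        version=$(plugin_header "$file" 'Version')
        # A matching plugin with no readable version is treated as outdated.
        if [ -z "$version" ] || version_lt "$version" "$FIXED_VERSION"; then
            echo "OUTDATED ${version:-unknown} $file"; rc=1
        else
            echo "OK $version $file"
        fi
    done
    return "$rc"
}

# make_sample DIR VERSION: write a constructed plugin file for a dry run.
make_sample() {
    mkdir -p "$1/sample-seo" &&
    printf '<?php\n/*\nPlugin Name: All in One SEO Pack\nVersion: %s\n*/\n' "$2" \
        > "$1/sample-seo/sample.php"
}

# Scan the directory given as the first argument, e.g. wp-content/plugins.
if [ "$#" -gt 0 ]; then check_plugins_dir "$1"; fi
```

The non-zero exit status on an outdated copy lets the script run from cron or a deployment check across several sites.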
