Vulnerability Found In the WordPress plugin “All in One SEO Pack”

The security enthusiasts at Sucuri found two security vulnerabilities in the very popular WordPress plugin “All In One SEO Pack“. Indeed, with over 18 million downloads, we think it’s worth the attention of all WordPress users.

These security gaps would allow attackers to access non-administrative user accounts (author, subscriber and other non-admin), to elevate their privileges and inject malicious code in the WordPress administrative control panel.

Rest assured, the team that created the plugin in question has already made available a patch that corrects this problem.

Marc-Alexandre Montpas, author of the article on this subject on the Sucuri blog, explains with a bit more detail how an ill-intentioned person could use these vulnerabilities and create a privilege escalation on a user that does not have administrative rights.

The repercussions of these vulnerabilities can be as much at the level of search rankings (SEO and SERP), but can also affect the WordPress site by allowing cross-site scripting (XSS).

How to prevent this problem?

As easily as updating the plugin! From your WordPress admin control panel, go to the plugins section and select “All In One SEO Pack”. From the drop-down menu (at the top or bottom of the page), select the update option. The system should automatically recuperate the most recent available version for you automatically.

To be sure all is in order, look at the plugin details and make sure you are using the latest version of the plugin (currently 2.1.6).

Published on at by in: Funio

Funio Community

Funio on Google+