{"id":2661,"date":"2014-06-02T18:52:19","date_gmt":"2014-06-02T22:52:19","guid":{"rendered":"http:\/\/blog.funio.com\/en\/?p=2661"},"modified":"2014-06-02T18:52:37","modified_gmt":"2014-06-02T22:52:37","slug":"vulnerability-found-in-the-wordpress-plugin-all-in-one-seo-pack","status":"publish","type":"post","link":"https:\/\/blog.funio.com\/en\/2014\/06\/vulnerability-found-in-the-wordpress-plugin-all-in-one-seo-pack\/","title":{"rendered":"Vulnerability Found In the WordPress plugin &#8220;All in One SEO Pack&#8221;"},"content":{"rendered":"<p>The security enthusiasts at Sucuri found two security vulnerabilities in the very popular WordPress plugin &#8220;<a href=\"http:\/\/semperfiwebdesign.com\/category\/blog\/all-in-one-seo-pack\/\" target=\"_blank\">All In One SEO Pack<\/a>&#8220;. Indeed, with over 18 million downloads, we think it&#8217;s worth the attention of all WordPress users.<\/p>\n<p>These security gaps would allow attackers to access non-administrative user accounts (author, subscriber and other non-admin), to elevate their privileges and inject malicious code in the WordPress administrative control panel.<\/p>\n<p>Rest assured, the team that created the plugin in question has already made available a patch that corrects this problem.<\/p>\n<p>Marc-Alexandre Montpas, author of the article on this subject on the <a href=\"http:\/\/blog.sucuri.net\/2014\/05\/vulnerability-found-in-the-all-in-one-seo-pack-wordpress-plugin.html\" target=\"_blank\">Sucuri blog<\/a>, explains with a bit more detail how an ill-intentioned person could use these vulnerabilities and create a privilege escalation on a user that does not have administrative rights.<\/p>\n<p>The repercussions of these vulnerabilities can be as much at the level of search rankings (SEO and SERP), but can also affect the WordPress site by allowing cross-site scripting (XSS).<\/p>\n<h2>How to prevent this problem?<\/h2>\n<p>As easily as updating the plugin! From your WordPress admin control panel, go to the plugins section and select &#8220;All In One SEO Pack&#8221;. From the drop-down menu (at the top or bottom of the page), select the update option. The system should automatically recuperate the most recent available version for you automatically.<\/p>\n<p>To be sure all is in order, look at the plugin details and make sure you are using the latest version of the plugin (currently 2.1.6).<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The security enthusiasts at Sucuri found two security vulnerabilities in the very popular WordPress plugin &#8220;All In One SEO Pack&#8220;. Indeed, with over 18 million downloads, we think it&#8217;s worth the attention of all WordPress users. These security gaps would allow attackers to access non-administrative user accounts (author, subscriber and other non-admin), to elevate their [&#8230;]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11],"tags":[6,83,26,116],"class_list":["post-2661","post","type-post","status-publish","format-standard","hentry","category-funio","tag-default","tag-httpmedia-funio-comimageskbblogwordpress-logo-png","tag-security","tag-wordpress"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Vulnerability Found In the Wordpress plugin &quot;All in One SEO Pack&quot; - Funio Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.funio.com\/en\/2014\/06\/vulnerability-found-in-the-wordpress-plugin-all-in-one-seo-pack\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Vulnerability Found In the Wordpress plugin &quot;All in One SEO Pack&quot; - Funio Blog\" \/>\n<meta property=\"og:description\" content=\"The security enthusiasts at Sucuri found two security vulnerabilities in the very popular WordPress plugin &#8220;All In One SEO Pack&#8220;. Indeed, with over 18 million downloads, we think it&#8217;s worth the attention of all WordPress users. These security gaps would allow attackers to access non-administrative user accounts (author, subscriber and other non-admin), to elevate their [...]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/blog.funio.com\/en\/2014\/06\/vulnerability-found-in-the-wordpress-plugin-all-in-one-seo-pack\/\" \/>\n<meta property=\"og:site_name\" content=\"Funio Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/FunioHosting\" \/>\n<meta property=\"article:published_time\" content=\"2014-06-02T22:52:19+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2014-06-02T22:52:37+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@funiohosting\" \/>\n<meta name=\"twitter:site\" content=\"@funiohosting\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/blog.funio.com\\\/en\\\/2014\\\/06\\\/vulnerability-found-in-the-wordpress-plugin-all-in-one-seo-pack\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/blog.funio.com\\\/en\\\/2014\\\/06\\\/vulnerability-found-in-the-wordpress-plugin-all-in-one-seo-pack\\\/\"},\"author\":{\"name\":\"\",\"@id\":\"\"},\"headline\":\"Vulnerability Found In the WordPress plugin &#8220;All in One SEO Pack&#8221;\",\"datePublished\":\"2014-06-02T22:52:19+00:00\",\"dateModified\":\"2014-06-02T22:52:37+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/blog.funio.com\\\/en\\\/2014\\\/06\\\/vulnerability-found-in-the-wordpress-plugin-all-in-one-seo-pack\\\/\"},\"wordCount\":251,\"commentCount\":0,\"keywords\":[\"Default\",\"http:\\\/\\\/media.funio.com\\\/images\\\/kb\\\/blog\\\/wordpress-logo.png\",\"security\",\"wordpress\"],\"articleSection\":[\"Funio\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/blog.funio.com\\\/en\\\/2014\\\/06\\\/vulnerability-found-in-the-wordpress-plugin-all-in-one-seo-pack\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/blog.funio.com\\\/en\\\/2014\\\/06\\\/vulnerability-found-in-the-wordpress-plugin-all-in-one-seo-pack\\\/\",\"url\":\"https:\\\/\\\/blog.funio.com\\\/en\\\/2014\\\/06\\\/vulnerability-found-in-the-wordpress-plugin-all-in-one-seo-pack\\\/\",\"name\":\"Vulnerability Found In the Wordpress plugin \\\"All in One SEO Pack\\\" - Funio Blog\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/blog.funio.com\\\/en\\\/#website\"},\"datePublished\":\"2014-06-02T22:52:19+00:00\",\"dateModified\":\"2014-06-02T22:52:37+00:00\",\"author\":{\"@id\":\"\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/blog.funio.com\\\/en\\\/2014\\\/06\\\/vulnerability-found-in-the-wordpress-plugin-all-in-one-seo-pack\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/blog.funio.com\\\/en\\\/2014\\\/06\\\/vulnerability-found-in-the-wordpress-plugin-all-in-one-seo-pack\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/blog.funio.com\\\/en\\\/2014\\\/06\\\/vulnerability-found-in-the-wordpress-plugin-all-in-one-seo-pack\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/blog.funio.com\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Vulnerability Found In the WordPress plugin &#8220;All in One SEO Pack&#8221;\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/blog.funio.com\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/blog.funio.com\\\/en\\\/\",\"name\":\"Funio Blog\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/blog.funio.com\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"\",\"url\":\"https:\\\/\\\/blog.funio.com\\\/en\\\/author\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Vulnerability Found In the Wordpress plugin \"All in One SEO Pack\" - Funio Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.funio.com\/en\/2014\/06\/vulnerability-found-in-the-wordpress-plugin-all-in-one-seo-pack\/","og_locale":"en_US","og_type":"article","og_title":"Vulnerability Found In the Wordpress plugin \"All in One SEO Pack\" - Funio Blog","og_description":"The security enthusiasts at Sucuri found two security vulnerabilities in the very popular WordPress plugin &#8220;All In One SEO Pack&#8220;. Indeed, with over 18 million downloads, we think it&#8217;s worth the attention of all WordPress users. These security gaps would allow attackers to access non-administrative user accounts (author, subscriber and other non-admin), to elevate their [...]","og_url":"https:\/\/blog.funio.com\/en\/2014\/06\/vulnerability-found-in-the-wordpress-plugin-all-in-one-seo-pack\/","og_site_name":"Funio Blog","article_publisher":"https:\/\/www.facebook.com\/FunioHosting","article_published_time":"2014-06-02T22:52:19+00:00","article_modified_time":"2014-06-02T22:52:37+00:00","twitter_card":"summary_large_image","twitter_creator":"@funiohosting","twitter_site":"@funiohosting","twitter_misc":{"Written by":"","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/blog.funio.com\/en\/2014\/06\/vulnerability-found-in-the-wordpress-plugin-all-in-one-seo-pack\/#article","isPartOf":{"@id":"https:\/\/blog.funio.com\/en\/2014\/06\/vulnerability-found-in-the-wordpress-plugin-all-in-one-seo-pack\/"},"author":{"name":"","@id":""},"headline":"Vulnerability Found In the WordPress plugin &#8220;All in One SEO Pack&#8221;","datePublished":"2014-06-02T22:52:19+00:00","dateModified":"2014-06-02T22:52:37+00:00","mainEntityOfPage":{"@id":"https:\/\/blog.funio.com\/en\/2014\/06\/vulnerability-found-in-the-wordpress-plugin-all-in-one-seo-pack\/"},"wordCount":251,"commentCount":0,"keywords":["Default","http:\/\/media.funio.com\/images\/kb\/blog\/wordpress-logo.png","security","wordpress"],"articleSection":["Funio"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/blog.funio.com\/en\/2014\/06\/vulnerability-found-in-the-wordpress-plugin-all-in-one-seo-pack\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/blog.funio.com\/en\/2014\/06\/vulnerability-found-in-the-wordpress-plugin-all-in-one-seo-pack\/","url":"https:\/\/blog.funio.com\/en\/2014\/06\/vulnerability-found-in-the-wordpress-plugin-all-in-one-seo-pack\/","name":"Vulnerability Found In the Wordpress plugin \"All in One SEO Pack\" - Funio Blog","isPartOf":{"@id":"https:\/\/blog.funio.com\/en\/#website"},"datePublished":"2014-06-02T22:52:19+00:00","dateModified":"2014-06-02T22:52:37+00:00","author":{"@id":""},"breadcrumb":{"@id":"https:\/\/blog.funio.com\/en\/2014\/06\/vulnerability-found-in-the-wordpress-plugin-all-in-one-seo-pack\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.funio.com\/en\/2014\/06\/vulnerability-found-in-the-wordpress-plugin-all-in-one-seo-pack\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/blog.funio.com\/en\/2014\/06\/vulnerability-found-in-the-wordpress-plugin-all-in-one-seo-pack\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blog.funio.com\/en\/"},{"@type":"ListItem","position":2,"name":"Vulnerability Found In the WordPress plugin &#8220;All in One SEO Pack&#8221;"}]},{"@type":"WebSite","@id":"https:\/\/blog.funio.com\/en\/#website","url":"https:\/\/blog.funio.com\/en\/","name":"Funio Blog","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.funio.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"","url":"https:\/\/blog.funio.com\/en\/author\/"}]}},"_links":{"self":[{"href":"https:\/\/blog.funio.com\/en\/wp-json\/wp\/v2\/posts\/2661","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.funio.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.funio.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.funio.com\/en\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.funio.com\/en\/wp-json\/wp\/v2\/comments?post=2661"}],"version-history":[{"count":1,"href":"https:\/\/blog.funio.com\/en\/wp-json\/wp\/v2\/posts\/2661\/revisions"}],"predecessor-version":[{"id":2662,"href":"https:\/\/blog.funio.com\/en\/wp-json\/wp\/v2\/posts\/2661\/revisions\/2662"}],"wp:attachment":[{"href":"https:\/\/blog.funio.com\/en\/wp-json\/wp\/v2\/media?parent=2661"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.funio.com\/en\/wp-json\/wp\/v2\/categories?post=2661"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.funio.com\/en\/wp-json\/wp\/v2\/tags?post=2661"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}