If you employ the favored “All in One SEO Pack” WordPress plugin, you must update instantly. Two vulnerabilities and one cross-site scripting (XSS) flaw have been found.
Sucuri, a web monitoring and malware cleanup service was the primary to identify the exploits.
If you are an All in One SEO Pack plugin consumer and do not update, the best case state of affairs might be discovering your self faraway from Google’s search index for spamming. And as a result of a malicious consumer might change the title, description, and key phrase meta tags, it opens up web sites to having that info modified by unauthorized third events.
However, one other exploit is far more harmful for website house owners:
The WordPress plugin has greater than 18 million downloads, which suggests numerous WordPress-based mostly web sites are probably weak, particularly if site owners do not reap the benefits of automated updates.
Along with WordPress SEO by Yoast, the All in One SEO Pack is likely one of the hottest WordPress SEO plugins.
The up to date All in One SEO Pack plugin may be downloaded right here. As but, the plugin’s creator hasn’t made any remark concerning the state of affairs on his Twitter account or web sites.