Major Exploits Found in All in One SEO Pack WordPress Plugin

If you use the popular "All in One SEO Pack" WordPress plugin, you must update immediately. Two vulnerabilities and one cross-site scripting (XSS) flaw have been found.

Sucuri, a web monitoring and malware cleanup service, was the first to identify the exploits.

If you are an All in One SEO Pack plugin user and do not update, the best-case scenario might be finding yourself removed from Google's search index for spamming. And because a malicious user could change the title, description, and keyword meta tags, it opens up websites to having that information modified by unauthorized third parties.

However, another exploit is far more dangerous for site owners:

...we additionally found this bug can be used with another vulnerability to execute malicious JavaScript code on an administrator's management panel. Now, this means that an attacker could potentially inject any JavaScript code and do things like altering the admin's account password to leaving some backdoor in your website's information in order to conduct much more "evil" actions later.

The WordPress plugin has more than 18 million downloads, which means numerous WordPress-based websites are potentially vulnerable, particularly if site owners do not take advantage of automatic updates.

Along with WordPress SEO by Yoast, the All in One SEO Pack is one of the most popular WordPress SEO plugins.

The updated All in One SEO Pack plugin can be downloaded here. As yet, the plugin's author hasn't made any comment about the situation on his Twitter account or websites.


