Security breach on All in One SEO Pack
Published on June 3, 2014
Published on Wealthy Affiliate — a platform for building real online businesses with modern training and AI.

Many of our websites could be at risk of compromise if we don't update the "All in One SEO Pack" plugin. The new version fixes serious vulnerabilities.
Why?!
Well, researchers at Sucuri (a web security firm) found two flaws in “All in One SEO Pack”.
"If your site has subscribers, authors and non-admin users logging in to wp-admin, you are at risk. If you have open registration, you are at risk, so you have to update the plugin now," the Sucuri researchers wrote in a blog post.
In other words, the first flaw can be exploited by a regular user (an author or a subscriber) to change your SEO description (in a blog post or page) and keywords meta tags, which can lower your position on the Search Engine Results Page (SERP) if used maliciously.
The second flaw, as Sucuri explains:
"We also discovered this bug can be used with another vulnerability to execute malicious JavaScript code on an administrator’s control panel."
This means an attacker could do things like change your admin account’s password or insert backdoor code into your website files to conduct other malicious activities at a later time, as the Sucuri researchers said.
Solution?!
Yes. Don't panic. It's very easy: just update your "All in One SEO Pack" plugin from the WordPress repository. :D
Hope this helps you. :)
Regards
Jorge