Security breach on All in One SEO Pack

Last Update: June 02, 2014

Many of our websites could be in risk of compromise if we don't update "All in One SEO Pack" plugin. The new version will fix serious vulnerabilities.

Why?!

Well Sucuri researches (This a Web security firm) found two flaws in “All in One SEO Pack”

If your site has subscribers, authors and non-admin users logging in to wp-admin, you are a risk. If you have open registration, you are at risk, so you have to update the plugin now. the Sucuri researchers wrote in a blog.

In other words, The first flaw can be exploited by a regular user (Author or a subscriber) to change your SEO description (in a blog or page) and keywords meta tags, causing decreasing Search Engine Results Page (SERP) if is using maliciously.

The second flaw sucuri explains:

we also discovered this bug can be used with another vulnerability to execute malicious Javascript code on an administrator’s control panel.

This means an attacker could do things like change your admin account’s password or insert backdoor code into your website files to conduct other malicious activities later time as Sucuri researchers said.

Solution?!

Yes. Don't panic. It's very easy just update your "All in One SEO Pack" from Wordpress repository. :D

Hope helps you. :)

Regards

Jorge

Join the Discussion
Write something…
Recent messages
Mikaeri Premium
Defiantly worth knowing, thanks for the heads up Jorge
Reply
jespinola Premium
Yes . It's important to know. Most welcome. :)
Reply
Funmine Premium
Thanks for the reminder. High priority!!
Reply
jespinola Premium
Ade,

Yeah please add on your priority list. Very important. Thanks for reading. :)
Reply
Funmine Premium
I did the update. Thanks Jorge!
Reply
jespinola Premium
Fantastic. :D
Reply
FLCGroup Premium
Thanks!
Reply
jespinola Premium
No probs. Did you update your SEO plugin?!
Reply
FLCGroup Premium
Yesterday. Appreciate it!
Reply
jespinola Premium
Aw fab. :)
Reply
scottyb2good Premium Plus
Thanks for the heads up Jorge. I will update mine
Reply
jespinola Premium
Yeah. Do it now because it's very important of you have another wp users.

Most welcome. :D
Reply
Karyskis Premium
Thank you for the heads up. I updated most of mine today. ;)
Reply
jespinola Premium
Most welcome Kary. I always try to have my domains safe. :)
Reply
Top