Wordfence found a vulnerability in the All In One SEO Pack plugin
Hi WAmily,
On July 10, 2020, the Wordfence Threat Intelligence team discovered a vulnerability in All In One SEO Pack, a WordPress plugin installed on over 2 million sites. This flaw allowed authenticated users with contributor level access or above the ability to inject malicious scripts that would be executed if a victim accessed the wp-admin panel’s ‘all posts’ page.
They reached out to the plugin’s team the same day of discovery on July 10, 2020 and a patch was released just a few days later on July 15, 2020.
Since most of us at WA use this plugin, make sure you have the latest update! (version 3.6.2)
My advice is also to keep an eye on that plugin the coming weeks as further updates might be released.
All the best,
Luc
Recent Comments
21
Thank you Luc.
I only use 'All in One' on one of my site, the others have Yoast.
I have been thinking for a while now that I should replace the last one as well.
All the best. Jim
Thanks for the heads up..but in this case will the update prompt you automatically or you have to get and install.?
Does the update apply to those using the Lite version.?
See more comments
Thanks for the information, Luc. As a locksmith, I always tell my customers that locks only keep honest people out, unfortunately, the same applies to electronic security as well! Jeff