serious vulnerabilities found in all in one seo pack update it now

Serious Vulnerabilities Found in ‘All in One SEO Pack’ – Update it Now!

Are you or your company using All in one SEO Pack? If yes, you must update it to the latest version as soon as possible.

Security firm Sucuri has discovered some serious vulnerabilities in ‘All in One SEO Pack’ which can allow an attacker to modify your site’s meta description, which could harm your website’s search engine ranking negatively.

WordPress_›_All_in_One_SEO_Pack_

Sucuri reported “In the first case, a logged-in user, without possessing any kind of administrative privileges (like an author of subscriber), could add or modify certain parameters used by the plugin. It includes the post’s SEO title, description and keyword meta tags.”

Experts at Sucuri also reported that cross-site scripting vulnerability can be exploited by malicious hackers to execute malicious JavaScript code on an administrator’s control panel.

This means that a hacker could inject any JavaScript code and do things like creating new admin accounts or leaving some backdoors in your website to conduct even more harmful operations later.

Worldwide more than 70 million websites are using WordPress and about 16 million websites are using All in One SEO pack which make these websites vulnerable to perform DDos attacks or abuse WordPress site until they update their plugin to the latest version which is 2.1.6

Following is the change log provided by All in One SEO Pack’s developers for version 2.1.6

All_in_One_SEO_Pack_Changelog

Images are courtesy of WordPress and Sucuri