Are you or your company using All in one SEO Pack? If yes, you must update it to the latest version as soon as possible. Security firm Sucuri has discovered some serious vulnerabilities in ‘All in One SEO Pack’ which can allow an attacker to modify your site’s meta description, which could harm your website’s search engine ranking negatively.
Sucuri reported “In the first case, a logged-in user, without possessing any kind of administrative privileges (like an author of subscriber), could add or modify certain parameters used by the plugin. It includes the post’s SEO title, description and keyword meta tags.”
Worldwide more than 70 million websites are using WordPress and about 16 million websites are using All in One SEO pack which make these websites vulnerable to perform DDos attacks or abuse WordPress site until they update their plugin to the latest version which is 2.1.6
Following is the change log provided by All in One SEO Pack’s developers for version 2.1.6