All In One SEO Pack Vulnerability in WordPress — Fix
It has come to our attention that a word press plugin named "All in One SEO Pack" has been identified to have a security flaw which will allow for malicious code to be inserted in your WordPress site. This is an important security issue that can affect any site running this plugin.
With this exploit a regular users, author, or subscriber of your site can simply edit the post's SEO information created by the plugin. This exploit can also be used in tandem with JavaScript code injected via the sites administrator panel to run the exploit when certain or all pages are loaded.
This security vulnerability has recently been patched. If you are a user running the All in One SEO Pack prior to version 2.1.6, we highly recommend that you upgrade as soon as possible to prevent any possible issues that you may come across.
If you are a
Managed.com customer, and you have any questions about this security vulnerability, or you need any help with updating the plugin, contact our support team. We're happy to help.
------
Further Resources:
Vulnerability found in the All in One SEO Pack WordPress Plugin [
Sucuri].
All In One SEO Pack WordPress Plugin Vulnerabilities [
TripWire].
Article ID: 2005, Created: June 4, 2014 at 6:56 PM, Modified: September 23, 2016 at 4:21 PM