Vulnerability Found in the All in One SEO Pack WordPress Plugin

All in One SEO Pack WordPress Plugin Update

All in One SEO Pack Leaves WordPress Sites At Risk

If you’re using the All in One SEO Pack plugin to help with the SEO of your WordPress website, you’d better pay close attention. If you know someone who uses this SEO plugin, please forward this article to them as soon as possible. It seems some major vulnerabilities have been found in the plugin, and thankfully there is a fix. Read on to find out what you need to do.

According to Sucuri, a web monitoring and malware cleanup service, two major vulnerabilities and one cross-site scripting (XSS) flaw have been discovered in the plugin.

This plugin has well over 18 million downloads, which means that there are likely a huge number of WordPress websites that could be at risk. If you have a WordPress website, be sure you or your developer reads this article and downloads the latest update to the plugin (see the fix below). Here is one report on how serious this vulnerability is, especially if All in One SEO plugin users don’t update:

“If you’re an All in One SEO Pack plugin user and don’t update, the best case scenario could be finding yourself removed from Google’s search index for spamming. And because a malicious user could change the title, description, and keyword meta tags, it opens up websites to having that information changed by unauthorized third parties.

However, another exploit is much more dangerous for website owners:

…we also discovered this bug can be used with another vulnerability to execute malicious Javascript code on an administrator’s control panel. Now, this means that an attacker could potentially inject any javascript code and do things like changing the admin’s account password to leaving some backdoor in your website’s files in order to conduct even more “evil” activities later.”

Scary stuff… I’m happy to say that I do not use the All in One SEO plugin for any of our clients’ WordPress websites. If we ever do use a plugin, I like WordPress SEO by Yoast.


How To Fix This Vulnerability

The good news is that the fix is quick and easy. All you need to do, and do this right away, is download and install the updated All in One SEO Pack plugin.

Side note: Interestingly enough, there has been no comment made by the plugin’s creators.

