All in One SEO Pack vulnerabilities

The web security team at Sucuri recently discovered a couple of vulnerabilities in the popular All in One SEO Pack plugin.

If All in One SEO Pack is installed on your self-hosted WordPress site, your site’s security may be at risk, and you should upgrade to the latest version of the plugin immediately.

The vulnerabilities may allow users without administrative access to upgrade their user roles and gain administrative privileges on your site. Such users may also be able to execute malicious code on your site.

The authors of All in One SEO Pack have issued a security update that addresses these vulnerabilities. If you are running version 2.1.5 or earlier, you should assume that your site is vulnerable and immediately upgrade to the latest version of All in One SEO Pack. VaultPress Premium subscribers will also be alerted to update this plugin in their dashboard.

You can upgrade automatically from Dashboard Plugins in your WordPress dashboard. Alternatively, you can download the latest version of All in One SEO Pack from the WordPress Plugin Directory, and install the plugin manually.

 

 

About Chris

I work and play at WordPress.com, and spend my offline time drinking chai tea and running around in parks.
This entry was posted in Announcements, General, Security. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s