The web security team at Sucuri recently discovered a couple of vulnerabilities in the popular All in One SEO Pack plugin.
If All in One SEO Pack is installed on your self-hosted WordPress site, your site’s security may be at risk, and you should upgrade to the latest version of the plugin immediately.
The vulnerabilities may allow users without administrative access to escalate their user roles and gain administrative privileges on your site. Such users may also be able to execute malicious code on your site.
The authors of All in One SEO Pack have issued a security update that addresses these vulnerabilities. If you are running version 2.1.5 or earlier, you should assume that your site is vulnerable and immediately upgrade to the latest version of All in One SEO Pack. VaultPress Premium subscribers will also see an alert in their dashboard prompting them to update this plugin.
You can upgrade automatically from Dashboard → Plugins in your WordPress dashboard. Alternatively, you can download the latest version of All in One SEO Pack from the WordPress Plugin Directory, and install the plugin manually.