Update Patches Vulnerability in the All in One SEO Pack WordPress Plugin


A security update patching two privilege escalation vulnerabilities found earlier this week has been released.
Two security flaws permit an attacker to escalate privileges and leave the site open to cross-site scripting attacks. If you allow subscribers, authors and other non-admin users to log in to wp-admin, you are at risk. If you have open registration, your site is at risk and you should update ASAP.

In the privilege escalation, a logged-in user without any sort of admin privileges (like an author or subscriber) can add or modify certain parameters used by the plugin. This includes the SEO title, description and keyword meta tags.
In conjunction with another vulnerability, this bug can also be used to execute malicious JavaScript code, opening the site to potential JavaScript code injection and giving an attacker the opportunity to change the admin password or leave a backdoor in your website’s files for later nefarious use.
The fix is easy: upgrade to the latest version.
