Alert: All in One SEO WordPress Plugin Vulnerable
Warning: The popular All in One SEO Pack WordPress plugin has been deemed vulnerable to privilege escalation and cross site scripting attacks. All versions of the plugin prior to the recently released 2.1.6 are affected. To mitigate this threat, download version 2.1.6 as soon as possible.
The discovered privilege escalation vulnerability allows WordPress users to modify your website’s SEO components without needing administrator permissions. A malicious actor could do so to negatively impact your website’s search engine ranking.
Cross Site Scripting
The most immediate method of threat mitigation is to download the official plugin update to version 2.1.6. Additionally, you should evaluate how users interact with your WordPress site. Disabling open registration can increase your site’s security and can help protect it from future threats of this nature.
More details on these vulnerabilities can be found at the Sucuri Blog.
Have a Great (Malware-Free) Day!