Welcome to WebmasterWorld Guest from 188.8.131.52
Researchers from Web security firm Sucuri found two flaws in a plug-in called “All in One SEO Pack” that potentially allow attackers with access to non-administrative WordPress accounts to elevate their privileges and inject malicious code into the administration panel.
WordPress site administrators are advised to upgrade the “All in One SEO Pack” plug-in to version 2.1.6 which was released Sunday in the WordPress add-ons repository. An update can also be initiated from the plug-in’s administration panel.
The flaws allowed hackers to launch privilege escalation and cross site scripting attacks against vulnerable sites running old versions below 2.1.6. The plugin has been downloaded nearly 19 million times.
Michael Torbert @michaeltorbert ·
Watching @pbaylies from @semperfidev talk about debugging your WordPress at WordCamp Asheville #wcavl
Joost de Valk @yoast - Jun 1
Now might be a good time to remind you that WP SEO has a built-in import feature for All In One SEO Pack. Just switch :-)