Forum Moderators: rogerd & travelin cat


XSS Vulnerability in All In One SEO Pack WP Plugin

phranque

10:53 pm on Jul 16, 2020 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



On July 10, 2020, our Threat Intelligence team discovered a vulnerability in All In One SEO Pack, a WordPress plugin installed on over 2 million sites. This flaw allowed authenticated users with contributor level access or above the ability to inject malicious scripts that would be executed if a victim accessed the wp-admin panel’s ‘all posts’ page.

We reached out to the plugin’s team the same day of discovery on July 10, 2020 and a patch was released just a few days later on July 15, 2020.


source: [wordfence.com...]

A more detailed description of the threat is in the announcement linked above.

not2easy

11:02 pm on Jul 16, 2020 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



This was fixed in version 3.6.2 so an update is available now.

tangor

1:01 am on Jul 17, 2020 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Though I rarely use WP for anything of mine, some I consult for do use the product AND the myriad and various plugins. I must admit that when vulnerabilities are discovered in WP or WP-based products, all concerned seem to address the issues with great speed and dispatch. Can't say that about some other CMS packages out there. (sigh).