Vulnerabilities in 'All in One SEO Pack' #Wordpress Plugin put sites at risk.
2014-06-03, 11:16 PM, (This post was last modified: 2014-06-04, 12:58 PM by DutchPride.)
[Image: 1kLsifa.png]

Vulnerabilities in 'All in One SEO Pack' #Wordpress Plugin put millions of Sites At Risk. Fix released, update your plugin immediately.

Multiple Serious vulnerabilities have been discovered in the most famous ‘All In One SEO Pack’ plugin for WordPress, that put millions of Wordpress websites at risk.
WordPress is easy to setup and use, that’s why large number of people like it. But if you or your company is using ‘All in One SEO Pack’ Wordpress plugin to optimize the website ranking in search engines, then you should update your SEO plugin immediately to the latest version of All in One SEO Pack 2.1.6.
Today, All in One SEO Pack plugin team has released an emergency security update that patches two critical privilege escalation vulnerabilities and one cross site scripting (XSS) flaw, discovered by security researchers at Sucuri, a web monitoring and malware clean up service.
More than 73 million websites on the Internet run their websites on the WordPress publishing platform and more than 15 million websites are currently using All in One SEO Pack plugin for search engine optimization.

According to Sucuri, the reported privilege escalation vulnerabilities allow an attacker to add and modify the WordPress website’s meta information, that could harm its search engine ranking negatively.
Quote:"In the first case, a logged-in user, without possessing any kind of administrative privileges (like an author of subscriber), could add or modify certain parameters used by the plugin. It includes the post’s SEO title, description and keyword meta tags." Sucuri said.

Also the reported cross-site scripting vulnerability can be exploited by malicious hackers to execute malicious JavaScript code on an administrator’s control panel. "This means that an attacker could potentially inject any JavaScript code and do things like changing the admin’s account password to leaving some backdoor in your website’s files in order to conduct even more “evil” activities later." Sucuri blog post said.
Vulnerability in WordPress plugins is the root cause for the majority of WordPress exploitation and this is one of the main tools in the web hackers' arsenal. The plugin vulnerabilities could be exploited to access sensitive information, deface websites, redirect visitors to any malicious site, or to perform DDoS attacks.
Till now, we haven't seen any web attacks conducted by exploiting these vulnerabilities in the wild, but WordPress website owners are recommended to update their All in One SEO Pack Wordpress plugin to the latest version immediately.

Credits go to the creators of this article, Because of our filter i can't link back to the article.

Any questions related to CPA belong here.
Before posting, make sure you are in the correct section.

I am temporarily absent due to family circumstances.

Share This Thread :

2014-06-04, 12:50 AM,
Thanks for the heads up, now to update all of my sites... This is going to take a while!

Work hard, Play Hard!
2014-06-04, 05:59 PM,
hmm this is shocking ! i had been using this plugin since some time! time for change! :)
2014-06-04, 06:00 PM,
Thanks for letting us know about this!!

[Image: banner1.gif]
PM Me After You Signup

Related Threads
Thread Author Replies Views Last Post
  Trump administration will put steel and aluminum tariffs on Canada, Mexico and the EU faithalo 8 133 2018-06-01, 12:03 AM
Last Post: jack007
  Question: Do the new Privacy Policy Regulations affect CPA Sites? finnishhacker 3 210 2018-05-26, 12:22 AM
Last Post: CharlieHarper
  SEO IS DEAD! Prove me wrong if you can![Online marketing is no longer cheap business] Royal_Wolf 28 1,688 2018-02-25, 09:52 AM
Last Post: matheenn
  SEO Rapper Pyromaniac 9 715 2017-05-17, 12:14 PM
Last Post: nutnuts
  Need Adult Video Wordpress Theme DGR 3 1,378 2016-11-24, 07:51 PM
Last Post: torothemes

About Us | Contact Us | CPA Elites | Advertise | Stats

© 2013-2018 CPA Elites Ltd
Enhanced by MyBB and WallBB
Return to top