Vulnerabilities in 'All in One SEO Pack' #Wordpress Plugin put sites at risk.
2014-06-03, 11:16 PM,
(This post was last modified: 2014-06-04, 12:58 PM by DutchPride.)
#1
[Image: 1kLsifa.png]

Vulnerabilities in 'All in One SEO Pack' #Wordpress Plugin put millions of Sites At Risk. Fix released, update your plugin immediately.

Multiple Serious vulnerabilities have been discovered in the most famous ‘All In One SEO Pack’ plugin for WordPress, that put millions of Wordpress websites at risk.
WordPress is easy to setup and use, that’s why large number of people like it. But if you or your company is using ‘All in One SEO Pack’ Wordpress plugin to optimize the website ranking in search engines, then you should update your SEO plugin immediately to the latest version of All in One SEO Pack 2.1.6.
Today, All in One SEO Pack plugin team has released an emergency security update that patches two critical privilege escalation vulnerabilities and one cross site scripting (XSS) flaw, discovered by security researchers at Sucuri, a web monitoring and malware clean up service.
More than 73 million websites on the Internet run their websites on the WordPress publishing platform and more than 15 million websites are currently using All in One SEO Pack plugin for search engine optimization.

According to Sucuri, the reported privilege escalation vulnerabilities allow an attacker to add and modify the WordPress website’s meta information, that could harm its search engine ranking negatively.
Quote:"In the first case, a logged-in user, without possessing any kind of administrative privileges (like an author of subscriber), could add or modify certain parameters used by the plugin. It includes the post’s SEO title, description and keyword meta tags." Sucuri said.

Also the reported cross-site scripting vulnerability can be exploited by malicious hackers to execute malicious JavaScript code on an administrator’s control panel. "This means that an attacker could potentially inject any JavaScript code and do things like changing the admin’s account password to leaving some backdoor in your website’s files in order to conduct even more “evil” activities later." Sucuri blog post said.
Vulnerability in WordPress plugins is the root cause for the majority of WordPress exploitation and this is one of the main tools in the web hackers' arsenal. The plugin vulnerabilities could be exploited to access sensitive information, deface websites, redirect visitors to any malicious site, or to perform DDoS attacks.
Till now, we haven't seen any web attacks conducted by exploiting these vulnerabilities in the wild, but WordPress website owners are recommended to update their All in One SEO Pack Wordpress plugin to the latest version immediately.

Credits go to the creators of this article, Because of our filter i can't link back to the article.

Any questions related to CPA belong here.
Before posting, make sure you are in the correct section.

I am temporarily absent due to family circumstances.

Reply
2014-06-04, 12:50 AM,
#2
Thanks for the heads up, now to update all of my sites... This is going to take a while!

Work hard, Play Hard!
Reply
2014-06-04, 05:59 PM,
#3
hmm this is shocking ! i had been using this plugin since some time! time for change! :)
Reply
2014-06-04, 06:00 PM,
#4
Thanks for letting us know about this!!
Reply


Possibly Related Threads...
Thread Author Replies Views Last Post
  SEO Rapper Pyromaniac 9 473 2017-05-17, 12:14 PM
Last Post: nutnuts
  Need Adult Video Wordpress Theme DGR 3 1,101 2016-11-24, 07:51 PM
Last Post: torothemes
  Reverse Engineering SEO strategy? svenseverus 6 970 2016-10-18, 04:14 PM
Last Post: callieseye
  what is one thing you did in life you would not risk doing again elites? ScoobyDoo 5 1,091 2016-06-23, 09:36 PM
Last Post: ElitesCPABoss
  Going back through your old FTP sites is an eye opener HawkEye 0 462 2016-03-17, 03:19 PM
Last Post: HawkEye




About Us | Contact Us | CPA Elites | Advertise | Stats | Staff Team

© 2013-2017 CPA Elites Ltd
Enhanced by MyBB and WallBB
Return to top