All In One SEO Pack, a popular WordPress SEO plugin, was recently discovered to have security flaws that could compromise both the SEO and the overall security of your website.
Sucuri is the organization that discovered these two flaws. “If your site has subscribers, authors and non-admin users logging in to wp-admin, you are at risk,” the Sucuri researchers said Saturday in a blog post. “If you have open registration, you are at risk, so you have to update the plugin now.”
The exploits are quite different, but together they make a nasty pair.
All In One SEO Pack Exploits
The first exploit lets any user, subscriber or admin, change the meta information of an article. For instance, if I were a subscriber to your website, I could change the SEO title of a post from “I love dogs” to “I eat dogs”; everyone would then ignore that website, hurting your overall SEO.
The second exploit lets someone inject malicious code into your administration panel. In other words, I could place a malicious script in your administration panel, and whenever you load the panel it would run that script and cause whatever damage I wanted.
If you are using this plugin and have not updated it to the most recent release, it is imperative that you do so, or your website will be at risk. If your site is not open to registration, this is not as big an issue, but it is still a security flaw that can be easily patched, and you should patch it as quickly as possible to prevent any potential damage to your website.