All In One SEO Pack WordPress plugin vulnerability

Time to update

It was recently announced that the popular All In One SEO Pack WordPress plugin has two high-risk vulnerabilities. If you have a WordPress website, we recommend that you double-check to see if you have this plugin installed and update it to the latest version if you do.

The security vulnerabilities allow for cross-site scripting (XSS) attacks and privilege escalation attacks. This means that a member of your site (an author, subscriber, etc.) could possibly edit certain SEO fields on posts they don’t normally have access to — including the SEO title, description, and keywords. You can get more details about the vulnerability on the Sucuri Blog.

The fix? Again, if you use the All In One SEO Pack WordPress plugin, we recommend you update to the latest version immediately.

If you use this plugin and have Managed WordPress with us, we’ve automatically updated the plugin for you. This update shouldn’t affect your website, but we think it’s a good idea for you to double-check it, just in case.

As usual, don’t hesitate to contact us with any questions. We’re here to help (and keep you safe).

 

Shawn Pfunder
Shawn's been working with freelancers, entrepreneurs, and business owners for more than 20 years. He's consulted companies large and small on communication, social media, and marketing strategies. At heart he's a small-business superfan. He believes that working for yourself is one of the most courageous and creative moves anyone can make. Currently, he's the Editor in Chief for The Garage. When he's not hanging out with solopreneurs, Shawn loves to write, run, and travel. He's passionate about teaching and he's convinced that a good story is the best way to do it — especially if it involves El Caminos, potato fields, and really loud music.