It was recently announced that the popular All In One SEO Pack WordPress plugin has two high-risk vulnerabilities. If you have a WordPress website, we recommend that you double-check to see if you have this plugin installed and update it to the latest version if you do.
The security vulnerabilities allow for cross-site scripting (XSS) attacks and privilege escalation attacks. This means that a member of your site (an author, subscriber, etc.) could possibly edit certain SEO fields on posts they don’t normally have access to — including the SEO title, description, and keywords. You can get more details about the vulnerability on the Sucuri Blog.
The fix? Again, if you use the All In One SEO Pack WordPress plugin, we recommend you update to the latest version immediately.
If you use this plugin and have Managed WordPress with us, we’ve automatically updated the plugin for you. This update shouldn’t affect your website, but we think it’s a good idea for you to double-check it, just in case.
As usual, don’t hesitate to contact us with any questions. We’re here to help (and keep you safe).