WordPress All In One SEO Pack plugin zero-day vulnerability

Updated on September 23, 2020 by Jeff Matson

34 Seconds to Read

It has come to our attention that a zero-day vulnerability has been discovered within the All In One SEO Pack plugin which lets a non-privileged user either modify SEO data in posts or inject javascript into an administrators panel to execute malicious code. The developer has released a patch for this vulnerability which resolves the issue with a simple update of the plugin to version 2.1.6.

What if I am affected?

If you are affected by the vulnerability in the All In One SEO Pack plugin, update to version 2.1.6 immediately. After doing so, we recommend that you run Sucuri SiteCheck as well to ensure that there is not any compromised code running within your WordPress site.

Comments

It looks like this article doesn't have any comments yet - you can be the first. If you have any comments or questions, start the conversation!

Was this article helpful? Let us know!

WORDPRESS EDU

Download the Free Small Business Guide to WordPress eBook

This 43-page ebook gives small business owners of all skill levels the resources needed to create, connect, and grow a WordPress website. The more time you spend with this book, the more comfortable you’ll be with WordPress as your tool of choice.

Free eBook Download

Featured Articles