SEO plugin for WordPress websites contains flaws that lead to serious vulnerabilities

Paul Bullock

Published Tue 03 Jun by Paul Bullock in Web News

WordPress users of the popular 'All in One SEO Pack' plug-in are at risk of compromise if their developers fail to upgrade to the newly released version that fixes the problem.

The 'All in One SEO Pack' plug-in for WordPress websites optimises content so that search engine crawlers can index it more efficiently, which improves the site's rank in the search results. Figures from the official WordPress add-ons repository indicate the plug-in has been downloaded 18.5 million times.

The web security firm Sucuri found two flaws in the plug-in. One flaw allows a regular user/subscriber to alter a post's SEO title, description and keyword meta tags, potentially resulting in a lower site ranking. This first flaw, in conjunction with the second, can lead to malicious JavaScript code being injected into the page.

Ultimately, an attacker could insert a backdoor into the website that can then be used at a later date for malicious intent. Other immediate threats, such as the alteration of passwords, are also possible.

The web security firm Sucuri found flaws in the 'All in One SEO Pack' plug-in that allow attackers without administrative WordPress accounts to increase their privileges and inject malicious content. The Sucuri analysts said in a recent blog post that "If your site has subscribers, authors and non-admin users logging in to wp-admin, you are at risk. If you have open registration, you are at risk, so you have to update the plugin now."

WordPress sites are well known for having been attacked over the years, especially via third-party components such as plug-ins.

WordPress developers are advised to upgrade the "All in One SEO Pack" plug-in to version 2.1.6 available at the WordPress add-ons repository.
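A defender's check for the upgrade advice above, as an added example that is not from the article or from Sucuri: it walks a directory of WordPress installs, reads the plug-in header's `Version:` field and flags anything below 2.1.6. The directory name `all-in-one-seo-pack` and the `wp-content/plugins/` layout are assumptions, not details given in the article.

```python
import re
from pathlib import Path

FIXED = (2, 1, 6)                   # fixed release named in the article
PLUGIN_DIR = "all-in-one-seo-pack"  # assumed directory name, not from the article
NAME = re.compile(r"^[ \t/*#@]*Plugin Name:", re.I | re.M)
VERSION = re.compile(r"^[ \t/*#@]*Version:\s*(\d+(?:\.\d+)*)", re.I | re.M)


def parse_version(text):
    """Return the plugin-header version as a tuple of ints, or None."""
    match = VERSION.search(text) if NAME.search(text) else None
    return tuple(int(p) for p in match.group(1).split(".")) if match else None


def is_outdated(version, fixed=FIXED):
    """Numeric comparison, padded so 2.1 == 2.1.0 and 2.1.10 > 2.1.6."""
    width = max(len(version), len(fixed))
    pad = lambda v: tuple(v) + (0,) * (width - len(v))
    return pad(version) < pad(fixed)


def audit(root):
    """Return (plugin_path, version, status) for every install under root."""
    results = []
    for plugin in sorted(Path(root).rglob(f"wp-content/plugins/{PLUGIN_DIR}")):
        if not plugin.is_dir():
            continue
        version = None
        for php in sorted(plugin.glob("*.php")):
            # WordPress itself reads plugin headers from the first 8 KB only.
            head = php.read_bytes()[:8192].decode("utf-8", "replace")
            version = parse_version(head)
            if version:
                break
        if version is None:
            status = "unknown"
        elif is_outdated(version):
            status = "outdated"
        else:
            status = "ok"
        label = ".".join(map(str, version)) if version else None
        results.append((str(plugin), label, status))
    return results


if __name__ == "__main__":
    import sys
    for path, version, status in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{status:8} {version or '?':8} {path}")
```

Run it with the hosting root as the only argument; installs reported as `unknown` have a plug-in directory with no readable header and should be inspected by hand.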
