When it comes to SEO on a WordPress blog, we always recommend All-In-One SEO Pack. And it’s not just us: this plugin is very popular in our industry and in similar ones. How else would you explain the fact that there are 73 million websites running WordPress and 20% of them are using this particular SEO Pack?

However, a vulnerability was recently found in the plugin, and the team has released a patch.

Had Semper Fi (the team responsible for this plugin) left the problem unfixed, millions of websites could have remained vulnerable.

The problem was discovered during a code audit carried out by a security company called Sucuri. According to them, these are the risks:

– XSS attacks (cross-site scripting)

– Privilege escalation by an attacker. For instance, a logged-in user with no privileges can modify parameters used by the plugin. This, of course, can affect the website’s ranking in SERPs.

– Malicious JavaScript code can be executed in the admin’s control panel

Semper Fi moved quickly and launched the patch immediately after receiving the news.

If you are using this plugin, update now, especially if your website has subscribers and authors.

Unfortunately, more and more security issues have been gravitating around WordPress lately. We guess that, being open source and all, the more popularity it gets, the more threats there will be. We hope users are always on the lookout for updates and, of course, we expect developers to be very careful, to prevent issues and to fix them (if needed).
