WordPress famous plugin “All in One SEO Pack” is having Vulnerability ! there are so many sites using this plugin. This particular plugin has recently been identified as having security vulnerabilities which may impact your website and site performance. A security patch was recently released by the developers of this plugin. If you have not updated your “All In One SEO Pack” plugin since 5/31/2014, it is highly recommended that you do so now. For more information regarding this vulnerability please visit http://blog.sucuri.net/2014/
“We security flaws that allows an attacker to conduct privilege escalation and cross site scripting (XSS) attacks.
In the first case, a logged-in user, without possessing any kind of administrative privileges (like an author of subscriber), could add or modify certain parameters used by the plugin. It includes the post’s SEO title, description and keyword meta tags. All of which could decrease one’s website’s Search Engine Results Page (SERP) ranking if used maliciously.”
How to prevent this from happening
We’re not going to reinvent the wheel on this one: upgrade to the latest version available for this plugin.
In the event where you could not do this, we highly recommend you to have a look at our CloudProxy WAF which has been updated to protect our customers from this threat.
The post Vulnerability found in All in One SEO Pack WordPress Plugin appeared first on Beyond web Logs.