A major vulnerability has been found in the popular WordPress plugin All in One SEO Pack. If you have it installed, your website may be at risk if the plugin is not updated. The vulnerability was announced by web security firm Sucuri. The flaw leaves websites at risk to users who do not have admin account allowing them to increase their access privileges and add malicious code in the admin panel. Attackers could also modify parameters using the plugin including page titles and meta descriptions. On their blog, Sucuri states that "if your site has subscribers, authors and non-admin users logging in to wp-admin, you are a risk. If you have open registration, you are at risk, so you have to update the plugin now." Download the latest version of the plugin here. After becoming aware of the issue, our hosting team immediately began updating all of our client sites. If you have any questions or concerns please do not hesitate to contact us.
