All In One SEO Pack Security Risk
Last night I received an email from my hosting company informing me of a vulnerability in the All In One SEO Pack plug-in for WordPress. If you are using this plug-in for your website, please take a moment to upgrade it now to the latest version (currently 2.1.7) avoid any unnecessary exposure.
What are the risks?
According to Surci.net’s blog post, the risks exist if your site allows for open registration or if you have authors or non-admin users logging into your site’s WordPress admin panel.
How to fix it?
Well if you’re running the All In One SEO Pack on your WordPress Site, you’ll just need to update it. An update can be downloaded from the plug-in’s website at https://wordpress.org/plugins/all-in-one-seo-pack. The developers have worked diligently to patch the vulnerabilities to keep your site safe. Just remember that prior to running and update, it’s always best to perform a site back-up, or at the very least, a database back-up.
Are you at risk?
If you are using the All In One SEO Pack plug-in then you ARE at risk.
If you are not using All In One SEO Pack plug-in, then you ARE NOT at risk.
One quick reminder
To avoid site vulnerabilities, always work with your web developer to make sure that you are running current versions of WordPress along with any plug-ins on your site. Updates not only address functionality, but also address security vulnerabilities such as this one.
If this is a little overwhelming, don’t worry. You should either contact your site admin and they should be able to handle it from there. If you don’t have a site admin, just send me a message through my Contact page and I’ll help you out.