WordPress security pros at Sucuri discovered serious vulnerabilities in the very popular WordPress plugin All In One SEO earlier last week, potentially affecting millions of sites.
Security site Hacker News estimates more than 15 million WordPress sites are now using All In One SEO, so you can see what a big problem this was…
What exactly were the issues?
First, there was a vulnerability that allowed even low-level logged in users like Subscribers or Authors access to elements of All In One like SEO titles and meta descriptions. And second, another vulnerability also allowed attackers to inject malicious code in the Admin panel and do things like change an admin user’s account password.
A new version of the plugin that fixes both problems is now available, so please update to version 2.1.6 as soon as possible to protect your website.
WP Minder clients – we’ve got you covered. You’ve already been updated! And if you’re on the Small Business, Business or Enterprise Plans Sucuri has your back too, we work with them to monitor your sites for malware 24/7.