Written by: Jay H.
Critical vulnerabilities in the popular All in One SEO WordPress plugin exposed over 3 million websites to takeover attacks. The plugin’s developers released a security update for the flaws on December 7, 2021; however, over 820,000 websites have not updated the plugin, leaving them vulnerable to crippling attacks.
These flaws allow users with low-privilege roles, such as subscribers, to execute malicious code on vulnerable websites.
“If exploited, the SQL Injection vulnerability could grant attackers access to privileged information from the affected site’s database (e.g., usernames and hashed passwords),” said the security researchers who discovered the flaws.
More than three million websites use the All in One SEO plugin, and the vulnerabilities impact every version between 220.127.116.11 and 18.104.22.168. If your website uses this plugin, update it immediately to the latest version to patch these critical flaws.