800k WordPress Websites Vulnerable To SEO Plugin Vulnerabilities

WordPress plugin security vulnerability concept

Written by: Jay H.

Vulnerabilities exposed over 3 million websites using the popular All in One SEO WordPress plugin to takeover attacks by critical vulnerabilities. The plugin’s developers released a security update for the flaws on December 7, 2021; however, over 820,000 websites have not updated the plugin, leaving them vulnerable to crippling attacks.

These flaws allow low-level permission roles such as subscribers to execute malicious code on vulnerable websites.

“If exploited, the SQL Injection vulnerability could grant attackers access to privileged information from the affected site’s database (e.g., usernames and hashed passwords),” said the security researchers who discovered the flaws.

Update ASAP

More than three million websites use the All in One SEO plugin, and the vulnerabilities impact every version between and If your website uses this plugin, update it immediately to the latest version to patch these critical flaws.

Protected by Copyscape

Comments are closed.