wordpress featured image
WordPress

A Flaw In The All-In-One SEO Pack WordPress Plugin May Be Putting Your Website At Risk

If you have the All-In-One SEO Pack WordPress plugin installed, your website may be at risk of being compromised if it’s not updated. A update was released on Sunday that patches two vulerabilities.

Over the weekend, Web security firm Sucuri announced that they discovered two security flaws in All in One SEO Pack plugin. The flaws leave your website at risk to attacks by users with non-admin accounts.

In addition to being able to add or modify certain parameters used by the plugin, attackers can also elevate their privileges and inject malicious code into the administration panel.

Sucuri cautions website owners that they may be at risk if their site has subscribers, authors and non-admin users logging in to the wp-admin panel.

If your website allows for open registrations, Sucuri says you are at risk and need to update the plugin right now.

How To Proctect Your Website

It is recommended that WordPress admins update the All in One SEO Pack plug-in to version 2.1.6, which was released on Sunday.

Slobodan Manic, CTO of Search Engine Journal, offers an alternative recommendation:

SEJ migrated some time ago from “All in One SEO Pack” to “WordPress SEO by Yoast”, which historically hasn’t had any security issues. Migrating was really easy.

To migrate to the more secure SEO by Yoast plugin, follow the steps provided in this post. If you’re not interested in using a new plugin, updating your ‘All in One’ plugin should fix the problem just as well.

 A Flaw In The All In One SEO Pack WordPress Plugin May Be Putting Your Website At Risk

Matt Southern

Freelance Writer at MattSouthern.com
Matt Southern is the lead news writer at Search Engine Journal. His passion for helping people in all aspects of online marketing flows through in the expert articles he contributes to many well respected publications across the web. Contact him via his website if you'd like him to write for you.
 A Flaw In The All In One SEO Pack WordPress Plugin May Be Putting Your Website At Risk

You Might Also Like

Leave a Reply

5 thoughts on “A Flaw In The All-In-One SEO Pack WordPress Plugin May Be Putting Your Website At Risk

  1. SEO Yoast I though was the standard plug in, I certainly find it easier ti use, This security threat will of course worry users and there is likely to be many defecting across to Yoast.

  2. We have used both plugins extensively over hundreds of our own and client sites. From using AIO for years we moved to Yoast – then back to AIO – which I find easier for quick, full-site overviews from ‘All Pages’ and ‘All Posts’ pages – allowing quick edits of metas from those overview pages. Cheers,