A Flaw In The All-In-One SEO Pack WordPress Plugin May Be Putting Your Website At Risk

If you have the All-In-One SEO Pack WordPress plugin installed, your website may be at risk of being compromised if the plugin is not updated. An update was released on Sunday that patches two vulnerabilities.

Over the weekend, Web security firm Sucuri announced that they discovered two security flaws in the All in One SEO Pack plugin. The flaws leave your website open to attacks by users with non-admin accounts.

In addition to being able to add or modify certain parameters used by the plugin, attackers can also elevate their privileges and inject malicious code into the administration panel.

Sucuri cautions website owners that they may be at risk if their site has subscribers, authors and non-admin users logging in to the wp-admin panel.

If your website allows for open registrations, Sucuri says you are at risk and need to update the plugin right now.

How To Protect Your Website

It is recommended that WordPress admins update the All in One SEO Pack plug-in to version 2.1.6, which was released on Sunday.
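
One way to check a site against the conditions described above, as an added example (not code from Sucuri, the plugin's developers or Search Engine Journal). It assumes a single-site install with WP-CLI available; the function names and the risk labels are this example's own.

```shell
#!/usr/bin/env bash
# Added example: audits one WordPress install for the exposure described above.
FIXED_VERSION="2.1.6"   # fixed release named in the article

# version_lt A B: succeeds when dotted version A is lower than B.
version_lt() {
  local IFS=. i x y
  local -a a=($1) b=($2)
  for ((i = 0; i < ${#a[@]} || i < ${#b[@]}; i++)); do
    x=${a[i]:-0}; x=${x%%[!0-9]*}; x=${x:-0}   # keep leading digits only
    y=${b[i]:-0}; y=${y%%[!0-9]*}; y=${y:-0}
    ((10#$x < 10#$y)) && return 0
    ((10#$x > 10#$y)) && return 1
  done
  return 1
}

# classify VERSION OPEN_REG NONADMIN: prints a risk label (labels are assumed).
#   OPEN_REG: value of the users_can_register option (1 = anyone can sign up)
#   NONADMIN: number of accounts below administrator
classify() {
  local version=$1 open_reg=$2 nonadmin=$3
  if ! version_lt "$version" "$FIXED_VERSION"; then
    echo "patched"
  elif [ "$open_reg" = "1" ]; then
    echo "update-now"   # open registration: anyone can obtain an account
  elif [ "$nonadmin" -gt 0 ]; then
    echo "at-risk"      # existing non-admin users can log in to wp-admin
  else
    echo "update"       # unpatched, but no non-admin accounts exist yet
  fi
}

# audit_site PATH: collects the three inputs with WP-CLI and prints the result.
audit_site() {
  local site=$1 version open_reg total admins
  version=$(wp --path="$site" plugin get all-in-one-seo-pack --field=version) || return 2
  open_reg=$(wp --path="$site" option get users_can_register)
  total=$(wp --path="$site" user list --format=count)
  admins=$(wp --path="$site" user list --role=administrator --format=count)
  echo "$site: $version $(classify "$version" "$open_reg" "$((total - admins))")"
}

# Runs only when a site path is given and WP-CLI is installed.
if [ -n "${1:-}" ] && command -v wp >/dev/null; then audit_site "$1"; fi
```

Run it with the WordPress root as the only argument; any result other than `patched` means the plugin still needs the update.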

Slobodan Manic, CTO of Search Engine Journal, offers an alternative recommendation:

SEJ migrated some time ago from “All in One SEO Pack” to “WordPress SEO by Yoast”, which historically hasn’t had any security issues. Migrating was really easy.

To migrate to the more secure SEO by Yoast plugin, follow the steps provided in this post. If you’re not interested in using a new plugin, updating your ‘All in One’ plugin should fix the problem just as well.

Matt Southern

Lead News Writer
Matt Southern is the lead news writer at Search Engine Journal. His passion for helping people in all aspects of online marketing flows through in the expert industry coverage he provides.
  • http://www.seonortheast.co.uk Mark

    SEO Yoast I thought was the standard plug in, I certainly find it easier to use. This security threat will of course worry users and there are likely to be many defecting across to Yoast.

    • Kewlio

      Yoast all the way! No doubt!

  • http://www.slinkydigital.com.au/ Peter Brittain

    We have used both plugins extensively over hundreds of our own and client sites. From using AIO for years we moved to Yoast – then back to AIO – which I find easier for quick, full-site overviews from ‘All Pages’ and ‘All Posts’ pages – allowing quick edits of metas from those overview pages. Cheers,

  • http://www.gadumaguing.com/ Gay Aida Dumaguing

    Already have version 2.1.7 on the WordPress sites I’m handling.

  • http://www.operationtechnology.com Brad Fogel

    Good to know. Also, just an FYI on typo “How To Proctect Your Website”…s/b “Protect”. Cheers.