Critical Vulnerabilities in All in One SEO Plugin Affects Millions of WordPress Websites

Security Risk: High

Exploitation Level: Easy

CVSS Score: 9.9 / 7.7

Vulnerability: Privilege Escalation, SQL Injection

Patched Version: 4.1.5.3

Last week, security researcher at Automattic Marc Montpas recently discovered two severe security vulnerabilities within one of the most popular SEO plugins used by WordPress website owners: All in One SEO. The plugin is used by more than three million websites and if left unpatched could cause some serious headaches for WordPress users.

The Details

Both vulnerabilities require that the attacker have an account on the website, but the account…


More Info

About mblog.my

Check Also

How to migrate from WordPress.com to WordPress.org

If you want the freedom to shape your WordPress website to your heart’s content, you …

Leave a Reply

Your email address will not be published. Required fields are marked *