WordPress.org

Forums

All in One SEO Pack
Security Alert (2 posts)

  1. scalare
    Member
    Posted 1 year ago #

    We've got a security alert from Media Temple today, saying this:

    "This is an important security notice from (mt) Media Temple. During a routine security scan, we found indications that ...(domain name)... is running a vulnerable version of the All in One SEO Pack plugin for WordPress. The security vulnerabilities allow for cross-site scripting (XSS) attacks and privilege escalation attacks. This means that a member of your site (an author, subscriber, etc.) could possibly edit certain SEO fields on posts they don't normally have access to. This includes the SEO title, description, and keywords."

    We've checked the version of the All in One SEO plugin, and we have installed version 2.1.6, which is the latest, even when we have WordPress 3.8.3 in there. We saw that the plugin was also last updated on June 2nd, 2014, but the version number has not changed.

    So, do we have to update the All in One SEO plugin manually anyway, even though the latest version number is the same as the one we have installed, or is this an automatic email that Media Temple sends out to every hosting client they have and we can just disregard it?

    Thank you.

    https://wordpress.org/plugins/all-in-one-seo-pack/

  2. Hi scalare,

    If you are running All in One SEO Pack version 2.1.6, which is the latest version, then you are fine. The vulnerability was patched immediately after we were notified about it, and the patch was released on Saturday 31st May in version 2.1.6.

Topic Closed

This topic has been closed to new replies.
