WordPress.org

All in One SEO Pack
Security Alert (2 posts)

  1. scalare
    Member
    Posted 9 months ago #

    We've got a security alert from Media Temple today, saying this:

    "This is an important security notice from (mt) Media Temple. During a routine security scan, we found indications that ...(domain name)... is running a vulnerable version of the All in One SEO Pack plugin for WordPress. The security vulnerabilities allow for cross-site scripting (XSS) attacks and privilege escalation attacks. This means that a member of your site (an author, subscriber, etc.) could possibly edit certain SEO fields on posts they don't normally have access to. This includes the SEO title, description, and keywords."

    We've checked the version of All in One SEO plugin, and we have installed version 2.1.6, which is the latest, even when we have WordPress 3.8.3 in there. We saw that the plugin was also last updated on June 2nd, 2014, but the version number has not changed.

    So, do we have to update All in One SEO Plugin manually anyway, even though the latest version number is the same as the one we have installed, or is this an automatic email that Media Temple sends out to every hosting client they have and we can just disregard it?

    Thank you.

    https://wordpress.org/plugins/all-in-one-seo-pack/

  2. wpsmort
    Support Manager at Semper Fi
    Posted 9 months ago #

    Hi scalare,

    If you are running All in One SEO Pack version 2.1.6, which is the latest version, then you are fine. The vulnerability was patched immediately we were notified about it and the patch was released on Saturday 31st May in version 2.1.6.
