Hi @vegancake,
We’ve already deployed a fix for this vulnerability in AIOSEO version 4.8.7, and we reported this to Patchstack. We’ve been waiting on Patchstack to verify and confirm the fix.
We followed up with Patchstack again last week, but it’s up to them to update their vulnerability database to mark this as patched. Until they do this, it’ll incorrectly appear as vulnerable in any security plugin or tool until they’ve updated their database.
Again, this vulnerability has already been patched, and if you’re on AIOSEO v4.8.7 or later then you’re protected, and you can safely ignore any warning about this. This vulnerability also hasn’t been exploited by anyone and can only be executed by someone who already has a login to your website.
I hope this helps!
Prabhat (@prabhatrai), Plugin Support
Hi @vegancake,
I’m happy to confirm that Patchstack has now officially verified and marked this vulnerability as fixed.
You can see their update here:
https://patchstack.com/database/wordpress/plugin/all-in-one-seo-pack/vulnerability/wordpress-all-in-one-seo-pack-plugin-4-8-7-sensitive-data-exposure-vulnerability
Please make sure you’ve updated to AIOSEO version 4.8.7.2.
Feel free to let me know if you have any other questions. I’m here to help.