Tuesday, June 3, 2014

Alert: All in One SEO WordPress Plugin Vulnerable



Warning: The popular All in One SEO Pack WordPress plugin has been found vulnerable to privilege escalation and cross-site scripting attacks. All versions of the plugin prior to the recently released 2.1.6 are affected. To mitigate this threat, update to version 2.1.6 as soon as possible.


Privilege Escalation


The discovered privilege escalation vulnerability allows WordPress users to modify your website’s SEO components without needing administrator permissions. A malicious actor could do so to negatively impact your website’s search engine ranking.


Cross Site Scripting


The discovered cross-site scripting (XSS) vulnerability allows an attacker to inject malicious JavaScript code into a WordPress administrator’s control panel. That code could be designed to perform any number of malicious actions, including the installation of a backdoor for monitoring purposes.


Ensuring Protection


The most immediate method of threat mitigation is to download the official plugin update to version 2.1.6. Additionally, you should evaluate how users interact with your WordPress site. Disabling open registration can increase your site’s security and can help protect it from future threats of this nature.
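To confirm which sites still need the update, the following added example (not part of the original post or the plugin's own code) reads the installed plugin's header and compares its version with the fixed release 2.1.6. It assumes the standard `wp-content/plugins` layout and a plugin header comment with `Plugin Name` and `Version` fields; the function names and the sample tree are constructed for illustration.

```shell
# Added example: flag All in One SEO Pack installs older than the fixed release in the alert.
FIXED_VERSION="2.1.6"
PLUGIN_NAME="all in one seo pack"   # assumption: header name, matched case-insensitively

# version_lt A B: succeed when dotted version A is lower than B (missing version counts as 0).
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# header_field FILE NAME: print the value of a "NAME: value" plugin header line.
header_field() {
    sed -n "s/^[[:space:]*]*$2:[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$1" | head -n 1
}

# check_site WP_ROOT: return 1 if a vulnerable copy is found, 0 if patched, 2 if absent.
check_site() {
    for f in "$1"/wp-content/plugins/*/*.php; do
        [ -f "$f" ] || continue
        name=$(header_field "$f" "Plugin Name" | tr '[:upper:]' '[:lower:]')
        [ "$name" = "$PLUGIN_NAME" ] || continue
        ver=$(header_field "$f" "Version")
        if version_lt "$ver" "$FIXED_VERSION"; then
            echo "VULNERABLE $ver $f"; return 1
        fi
        echo "OK $ver $f"; return 0
    done
    echo "NOT-INSTALLED $1"; return 2
}

# make_sample VERSION: build a constructed site tree with a fake plugin header.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/wp-content/plugins/sample-seo"
    printf '<?php\n/*\nPlugin Name: All In One SEO Pack\nVersion: %s\n*/\n' "$1" \
        > "$d/wp-content/plugins/sample-seo/plugin.php"
    echo "$d"
}

# Check each WordPress root given as an argument; with none, use constructed samples.
[ "$#" -gt 0 ] || set -- "$(make_sample 2.1.5)" "$(make_sample 2.1.6)"
for root in "$@"; do check_site "$root" || true; done
```

Run it with one or more WordPress root directories as arguments; any line starting with `VULNERABLE` marks a site that still needs the update.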


More details on these vulnerabilities can be found at the Sucuri Blog.


Have a Great (Malware-Free) Day!


