Admins of WordPress websites warned against SEO plug-in flaw

June 3, 2014 2:09 am

Researchers from web security firm Sucuri have said administrators of many WordPress websites need to upgrade a popular search engine optimisation (SEO) plug-in to a newly released version to avoid the risk of compromise, PC World has reported. The two flaws were found in a plug-in called “All in One SEO Pack” that potentially allow attackers with access to non-administrative WordPress accounts to elevate their privileges and inject malicious code into the administration panel. “If your site has subscribers, authors and non-admin users logging in to wp-admin, you are a risk,” the Sucuri researchers said in a blog post. “If you have open registration, you are at risk, so you have to update the plugin now.”


by Ali Nehme
Publicis Media Middle East

by Ismail Al Hammadi
Al Ruwad Real Estate