Researchers have identified multiple privilege escalation and cross-site scripting vulnerabilities in the popular WordPress Plugin All in One SEO Pack, which is currently estimated to be running on more than 15 million of the 73 million WordPress websites.
“While auditing their code, we found two security flaws that allow an attacker to conduct privilege escalation and cross site scripting (XSS) attacks,” wrote Sucuri researcher Marc-Alexandre Montpas.
“In the first case, a logged-in user, without possessing any kind of administrative privileges (like an author or subscriber), could add or modify certain parameters used by the plugin. It includes the post’s SEO title, description and keyword meta tags, all of which could decrease one’s website’s Search Engine Results Page (SERP) ranking if used maliciously.”
“If your site has subscribers, authors and non-admin users logging in to wp-admin, you are at risk. If you have open registration, you are at risk, so you have to update the plugin now… We’re not going to reinvent the wheel on this one: upgrade to the latest version available for this plugin.”
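The first quote describes a general WordPress plugin bug class: a handler that stores per-post SEO meta for any logged-in user, with no check that the user may edit that particular post, and then prints the stored value into the page unescaped. The following is an added illustration of that pattern and its fix, written for this page; it is not All in One SEO Pack’s code, and the `demo_seo_*` function names, nonce action and meta keys are made up for the example. Only the WordPress API calls (`current_user_can`, `wp_verify_nonce`, `update_post_meta`, `esc_attr`, `esc_html`, and so on) are real.

```php
<?php
// Hypothetical plugin code (not All in One SEO Pack's): contrasts an unchecked
// save_post handler with one that enforces CSRF, authorization and escaping.

// --- Problem pattern: anyone who reaches this hook can write SEO meta on any post.
function demo_seo_save_unchecked( $post_id ) {
    if ( isset( $_POST['demo_seo_title'] ) ) {
        // No nonce, no capability check, no sanitization.
        update_post_meta( $post_id, '_demo_seo_title', $_POST['demo_seo_title'] );
    }
}
// add_action( 'save_post', 'demo_seo_save_unchecked' ); // left disabled on purpose

// --- Hardened pattern.
function demo_seo_save_checked( $post_id ) {
    // Skip autosaves and revisions; they carry no meta box data.
    if ( defined( 'DOING_AUTOSAVE' ) && DOING_AUTOSAVE ) {
        return;
    }
    if ( wp_is_post_revision( $post_id ) ) {
        return;
    }
    // CSRF: the request must carry the nonce emitted by our meta box.
    if ( ! isset( $_POST['demo_seo_nonce'] )
        || ! wp_verify_nonce( $_POST['demo_seo_nonce'], 'demo_seo_save' ) ) {
        return;
    }
    // Authorization: the user must be allowed to edit THIS post, which excludes
    // subscribers entirely and stops an author from touching other users' posts.
    if ( ! current_user_can( 'edit_post', $post_id ) ) {
        return;
    }
    // Sanitize on input; wp_unslash() undoes WordPress's magic-quotes slashing.
    $title = sanitize_text_field( wp_unslash( $_POST['demo_seo_title'] ?? '' ) );
    $desc  = sanitize_textarea_field( wp_unslash( $_POST['demo_seo_description'] ?? '' ) );
    // Leading underscore marks the keys as protected from the Custom Fields UI.
    update_post_meta( $post_id, '_demo_seo_title', $title );
    update_post_meta( $post_id, '_demo_seo_description', $desc );
}
add_action( 'save_post', 'demo_seo_save_checked' );

// Admin side: the meta box renders the field and the nonce the save handler expects.
function demo_seo_meta_box_html( $post ) {
    wp_nonce_field( 'demo_seo_save', 'demo_seo_nonce' );
    $title = get_post_meta( $post->ID, '_demo_seo_title', true );
    echo '<input type="text" name="demo_seo_title" value="' . esc_attr( $title ) . '">';
}
function demo_seo_register_meta_box() {
    add_meta_box( 'demo_seo', 'SEO (demo)', 'demo_seo_meta_box_html', 'post' );
}
add_action( 'add_meta_boxes', 'demo_seo_register_meta_box' );

// Front end: escape at output time so a stored value can never become stored XSS,
// even if an older, unchecked version of the plugin let bad data into the database.
function demo_seo_print_meta_tags() {
    if ( ! is_singular() ) {
        return;
    }
    $post_id = get_queried_object_id();
    $title   = get_post_meta( $post_id, '_demo_seo_title', true );
    $desc    = get_post_meta( $post_id, '_demo_seo_description', true );
    if ( $title !== '' ) {
        echo '<title>' . esc_html( $title ) . "</title>\n";
    }
    if ( $desc !== '' ) {
        echo '<meta name="description" content="' . esc_attr( $desc ) . "\">\n";
    }
}
add_action( 'wp_head', 'demo_seo_print_meta_tags' );
```

The point of checking `current_user_can( 'edit_post', $post_id )` rather than a blanket role check is that it is evaluated against the specific post: a subscriber fails it everywhere, and an author fails it on posts that are not their own. Escaping at output (`esc_html` for element text, `esc_attr` inside attributes) is what closes the XSS half regardless of how the value was stored.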