The team behind on the All in One SEO Pack just released a new version of their popular WordPress plugin.
It is a security release patching two privilege escalation vulnerabilities we discovered earlier this week that may affect any web site running it.
While auditing their code, we found two security flaws that allows an attacker to conduct privilege escalation and cross site scripting (XSS) attacks.
It is a security release patching two privilege escalation vulnerabilities we discovered earlier this week that may affect any web site running it.
What is Risks?
If your site has subscribers, authors and non-admin users logging in to wp-admin, you are a risk. If you have open registration, you are at risk, so you have to update the plugin now.While auditing their code, we found two security flaws that allows an attacker to conduct privilege escalation and cross site scripting (XSS) attacks.