All In One SEO Pack Plugin Vulnerability

By Adam

A Medium-Risk Security issue was recently reported on the popular WordPress plugin, All In One SEO Pack. With over 2 million websites using this plugin, we wanted to bring you the simplified version of what’s going on. The vulnerability was found and reported by the brilliant Threat Intelligence Team at WordFence, one of the leading WordPress Security plugins on the market. The All In One SEO Pack plugin is widely used by websites all over the world, so it’s important that you check if your website is at risk. In this post, we will be looking at a layman’s terms version of what happened and what you can do about it.

Read the original advisory on the WordFence Blog: 2 Million Users Affected by Vulnerability in All in One SEO Pack

Image: Bill Nye GIF saying this is an actual crisis
It’s a Medium-Risk Security Issue, but Bill has a point.

What Happened

On July 10, 2020, WordFence’s Threat Intelligence team found a vulnerability in the All In One SEO Pack plugin and reported it to the plugin developer. The vulnerability essentially allowed users with specific user-levels to inject malicious code into the website backend. This gave hackers the ability to create an administrative user in the backend and have full access to the website. This is considered a Medium-Risk Security issue and not a High-Risk because hackers would first require some level of access to the website. It’s important to note that it could still be a smaller component of a larger attack. On July 15, 2020, the plugin provider released a patch for the vulnerability and we updated all of our CareKit customers on July 16, 2020.

Watch the vulnerability get exploited in this 3-minute video by WordFence

What You Can Do Now

1. Update The Plugin

If your website uses this plugin, it’s strongly recommended that you update it to the latest version. The latest version of the All In One SEO Pack plugin, at the time of writing, is version 3.6.2.

2. Backup, Backup, Backup!

Make sure you take a backup of your website before updating any plugins. I cannot stress enough the importance of having a backup and the mountains of time it has saved me.

3. Ask For Help

If you don’t feel comfortable doing this update on your own or just want the help of an expert, reach out to us through our contact form and we’d be happy to help!

Takeaway

WordPress is one of the most popular Content Management Systems on the planet, with tons of contributors and developers packing it with more and more features every day. With all of that power, like any great software, vulnerabilities are inevitable and need to be plugged quickly. We have daily backups for all of our clients that are on our CareKit Service and have updated this plugin to protect against attacks. It’s important to stay on top of your website by updating plugins, themes, and the WordPress core on a regular basis to keep it secure. If you liked today’s brief, we’d love for you to share it with a friend.

Let us help secure and maintain your website on a regular basis. With daily backups, weekly updates, and regular monitoring, we ensure your website is safe and secure.

About the author

I'm nobody's taxi service but I take pride in driving the bus! Upbeat, energetic serial entrepreneur on the quest to serve and help people. I enjoy long walks on short beaches and adventurous, adrenaline-pumping activities. I'm a normal bloke doing abnormal bloke things!