All In One SEO Pack Plugin Vulnerability

By Adam

All In One SEO Pack Plugin Vulnerability

A Medium-Risk Security issue was recently reported on the popular WordPress plugin, All In One SEO Pack. All In One SEO Pack Plugin at WordPress.org With over 2 million websites using this plugin, we wanted to bring you the simplified version of what’s going on. The vulnerability was found and reported by the brilliant Threat Intelligence Team at WordFence, one of the leading WordPress Security plugins on the market. The All In One SEO Pack plugin is widely used by websites all over the world, so it’s important that you check if your website is at risk. In this post, we will be looking at a layman’s terms version of what happened and what you can do about it.

Read the original advisory on the WordFence Blog. 2 Million Users Affected by Vulnerability in All in One SEO Pack

Bill Nye Gif saying this is an actual crisis
It’s a Medium-Risk Security Issue, but Bill has a point.

What Happened

On July 10, 2020, WordFence’s Threat Intelligence team found a vulnerability in the All In One SEO Pack plugin and reported it to the plugin developer. The vulnerability essentially allowed users with specific user-levels to inject malicious code into the website backend. This gave hackers the ability to create an administrative user in the backend and have full access to the website. This is considered a Medium-Risk Security issue and not a High-Risk because hackers would first require some level of access to the website. It’s important to note that it could still be a smaller component of a larger attack. On July 15, 2020, the plugin provider released a patch for the vulnerability and we updated all of our CareKit customers on July 16, 2020.

Watch the vulnerability get exploited in this 3-minute video by WordFence

What You Can Do Now

1. Update The Plugin

If your website uses this plugin, it’s strongly recommended that you update it to the latest version. The latest version of the All In One SEO Pack plugin, at the time of writing, is version 3.6.2.

2. Backup, Backup, Backup!

Make sure you take a backup of your website before updating any plugins. I cannot stress enough the importance of having a backup and the mountains of time it has saved me.

3. Ask For Help

If you don’t feel comfortable doing this update on your own or just want the help of an expert, reach out to us Reach out to us through our contact form  and we’d be happy to help!

Takeaway

WordPress is one of the most popular Content Management Systems on the planet, with tons of contributors and developers packing it with more and more features every day. With all of that power, like any great software, vulnerabilities are inevitable and need to be plugged quickly. We have daily backups for all of our clients that are on our CareKit Service Learn more about our CareKit Service  and have updated this plugin to protect against attacks. It’s important to stay on top of your website by updating plugins, themes, and the WordPress core on a regular basis to keep it secure. If you liked today’s brief, we’d love for you to share it with a friend.

Let us help secure and maintain your website on a regular basis. With daily backups, weekly updates, and regular monitoring, we ensure your website is safe and secure.

About the author

I'm nobody's taxi service but I take pride in driving the bus! Upbeat, energetic serial entrepreneur on the quest to serve and help people. I enjoy long walks on short beaches and adventurous, adrenaline-pumping activities. I'm a normal bloke doing abnormal bloke things!
Read more posts by Adam
Phone Icon
Call Us
Contact Icon
Contact
Contact us
Copy link