Millions of WordPress-based websites use the “All in One SEO” plug-in. As it now turns out, a simple code can make cyberattacks possible. Updating to a now secure version is advised!
Dangerous plug-in
Your website is based on WordPress and you use the plug-in All in One SEO? Then you should urgently download the latest version. After all, two sensitive security vulnerabilities have been discovered, and the developers have finally gotten to grips with them. The vulnerabilities were discovered by IT experts from “Jetpack”. At the same time, they describe how it is possible to gain access to sensitive data by exploiting the gap. A simple subscriber account is enough to give even a normal user access. The experts were able to easily bypass the corresponding check by making a simple adjustment to the access authorization request. Once this has worked, you can directly access important data on the website.
Update strongly recommended!
In addition to this vulnerability, there was another one, which allows so-called SQL injection attacks. However, since special rights are required for this, a combination possibility arises. Thus, criminals could have first secured higher user rights via the first vulnerability. In step two, they could then have carried out the attack. You should definitely download the latest version of All in One SEO to avoid worrying about this security issue.
No replies yet
Neue Antworten laden...
Neues Mitglied
Beteilige dich an der Diskussion in der Basic Tutorials Community →