A vulnerability such as XSS (cross-site scripting) has been discovered in the popular WordPress All-in-One SEO Pack plugin . This is reported on the website of the WPScan Vulnerability Database.
Cross-site scripting (XSS) is a type of software vulnerability that allows a hacker to embed code into a web page and gain various levels of access to a site and / or its database.
Vulnerability was identified by RipsTech on October 25th.
Whether it was closed is currently unknown. The developers of the plugin have not yet answered this question, and in the latest update , dated December 6, there is no mention of the elimination of security errors.
According to a RipsTech report, on October 25, developers wrote that they would be investigating a vulnerability. Almost a month later, on October 22, the company contacted them again, but received no response.
Since a hacker can use this vulnerability to take control of user accounts, site administrators are advised to check passwords and make sure they have enough difficulty.
Recall that in November, a critical vulnerability was fixed in the AMP plugin for WP .