A vulnerability was found in the All in One SEO Pack plugin.

a minute read

A vulnerability such as XSS (cross-site scripting) has been discovered in the popular WordPress All-in-One SEO Pack plugin . This is reported on the website of the WPScan Vulnerability Database.

Cross-site scripting (XSS) is a type of software vulnerability that allows a hacker to embed code into a web page and gain various levels of access to a site and / or its database.

Vulnerability was identified by RipsTech on October 25th.

Responsible Lines Of Code

Whether it was closed is currently unknown. The developers of the plugin have not yet answered this question, and in the latest update , dated December 6, there is no mention of the elimination of security errors.

All In One SEO Pack Changelog

According to a RipsTech report, on October 25, developers wrote that they would be investigating a vulnerability. Almost a month later, on October 22, the company contacted them again, but received no response.


Since a hacker can use this vulnerability to take control of user accounts, site administrators are advised to check passwords and make sure they have enough difficulty.

Recall that in November, a critical vulnerability was fixed in the AMP plugin for WP .

Facebook Twitter LinkedIn Telegram Pocket

Related Posts:

The developers of the popular AMP plugin for WordPress – AMP for WP – have released a patch for a critical vulnerability discovered last month. While the work was underway to eliminate the vulnerability, the plugin was removed from the corresponding section on...
A serious vulnerability was discovered in the popular WordPress WP Google Maps plugin , allowing hackers to take control of the site. This is reported on the WPScan Vulnerability Database page . At the moment, this vulnerability is already closed, and therefor...
In the popular plugin WP GDPR Compliance , a serious vulnerability was discovered. To secure the site, you need to upgrade to version 1.4.3 or higher. Currently, hackers are actively attacking WP-sites with this plugin. All resources with an earlier version th...