The Sucuri Blog issued a notice that a popular SEO plugin for WordPress web sites had a major security vulnerability.
The plugin name is the â€œAll in One SEO Packâ€ and the fix is easy, just make sure to update the plugin immediately.
The vulnerability opened up WordPress blogs that used the plugin, that had subscribers, authors and non-admin users logging in to wp-admin. The code in the plugin had two security issues that enabled hackers to:
(1) Conduct privilege escalation
(2) Cross site scripting (XSS) attacks
Again, the fix is simple, just upgrade to the latest version available for this plugin.