A medium severity security issue has been discovered on the popular plugin All In One SEO Pack, installed in over 2 million sites.

The vulnerability allows authenticated users with contributor level permissions and above the ability to inject malicious scripts on the website and can result in severe consequences such as a complete site takeover.

We strongly recommend immediately updating to the latest version of this plugin.

For more information please check the official public release.

If you have questions, don’t hesitate to contact our support team.

People that read this article also liked

Critical Vulnerabilities Found on PageLayer Page Builder Plugin WordPress Websites Security Breach – Outbreak of Malicious File Attacks Outdated WPBakery Plugin Critical Security Risk to Millions of Sites WordPress 5.7 “Esperanza” + WooCommerce 5.1 Released