13 Jul 0
All in One SEO pack is a widely spread plugins used to set the meta description, keywords and titles for the WordPress posts.
A XSS exploit has been discovered on the plugin All in One SEO pack plugin for the version 18.104.22.168 and before.
You can immediately check the version from the plugin page and the current version should be v2.3.8.
The XSS has been discovered in the bad bot blocker feature and involve an exploit allowing to steal the administrator tokens through an altered user agent.
The vulnerability has been patched and a plugin update is strongly advised.