Security Issue : WordPress Plugin All in One SEO Pack v2.3.6.1 exploit

 In Security

All in One SEO pack is a widely spread plugins used to set the meta description, keywords and titles for the WordPress posts.
A XSS exploit has been discovered on the plugin All in One SEO pack plugin for the version and before.
You can immediately check the version from the plugin page and the current version should be v2.3.8.
The XSS has been discovered in the bad bot blocker feature and involve an exploit allowing to steal the administrator tokens through an altered user agent.
The vulnerability has been patched and a plugin update is strongly advised.

Recent Posts

Leave a Comment

Start typing and press Enter to search