Tuesday, June 3, 2014

WordPress All in One SEO plugin hijacked, search ratings could be affected

A popular WordPress plugin, All in One SEO Pack, downloaded around 19 million times has received emergency patches to dangerous vulnerabilities that could have allowed hackers to inject malicious code into pages and lower the search ratings for the site.
All in One SEO Pack
The plugin, called All in One SEO Pack, is used to make it easy to optimize WordPress sites for search engines including automatic meta tag generation that search engines such as Google use to identify sites. It is one of many such services as search engine optimisation is something many people will pay lots of money for in order to improve their position on Google. Travis Jamison from Supremacy SEO, a leading search marketing agency said when the issue was discovered

“The All in One SEO plugin is one of the most downloaded SEO plugins in WordPress. I have been a big supporter of the plugin so far as it enables amateur webmasters to optimize their on-site content with relative ease. However, as of now, I recommend users delete the plugin and not re-download it until an updated version is released.”
All versions of the plugin older than 2.1.6 were affected. The flaws were originally disclosed by web developer and security analyst Marc-Alexandre Montpas in a blog post and warned that
“If your site has subscribers, authors and non-admin users logging in to wp-admin …if you have open registration, you are at risk.”
 He added that another vulnerability in the plugin could allow a hacker to execute malicious JavaScript code onto a website’s WordPress control panel enabling parameters involved in the management of the website could be changed by an unauthorized user.
WordPress is one of the most popular content management systems (CMS) for hosting websites and blogs. It powers millions of sites worldwide and is famed for its ease of use and one-click installation process onto a server.

Post a Comment