Flaws open gates to WordPress en-masse SEO beat-down

WordPress sites running the popular All in One SEO Pack plugin could have search rankings beaten down by readers and malicious code injected into pages due to dangerous vulnerabilities patched yesterday. The flaws allowed hackers to launch privilege escalation and cross-site scripting attacks against vulnerable sites running …


  1. John Tserkezis

    Is this an old report or am I missing something?

    Far as I can tell, WordPress is currently up to v3.9.1, and WordPress SEO plugin is at v1.5something.

    Both are miles away from the vulnerable v2.1.6 which was "patched overnight".

    Have I lost it or is this in error? I need to know when to book myself into the Happy Hotel.

    1. Fuzz

      you're missing something, the words "all-in-one" from your plugin name

      1. John Tserkezis

        you're missing something, the words "all-in-one" from your plugin name

        Ah, that's what threw me. Mine has something along the lines of "the best all in one SEO..." in the description field, but not the name.

        Thanks for that.

  2. Anonymous Coward

    WordPress: a collection of hack exploits with a blog feature attached.

  3. Ian 55

    ... if you have open registration, you are at risk

    Since its creation, WordPress has had an annual user privilege escalation exploit of one form or another. The only new thing about this one is that it's a plugin at fault, rather than the core.

    Don't let people you do not trust absolutely have any form of account using wp-login.

