If you run a WordPress website of any kind then the chances are that you will also be running one of the two main SEO plugins – “All in One SEO” created by Michael Torbert. While this is a fantastic plugin (we use it ourselves on this site), and has been downloaded more than 18 million times, a serious security vulnerability has been discovered which means that anyone running it should immediately upgrade to the current new version.
Thankfully, the vulnerability was found by well respected security company Sucuri, responsibly disclosed to the author and a patch was released before they went public. However, this does mean that everyone running this plugin should immediately upgrade as the vulnerability is now known and can easily be tested for within an WordPress installation and then exploited if the version is not found to be the latest.
It is relatively simple to upgrade any theme or plugin, and even the main WordPress core version, in any site but we know from experience that a large number of users dont do this regularly. This vulnerability was disclosed on the Sucuri Blog on the 31st May and yet a sizeable number of users have yet to upgrade. Any WordPress installation should be checked at least once per day and any upgrades that are shown should be done immediately !