Downloaded over 28 million times, the popular WordPress plugin called All in One SEO Pack is experiencing issues with hacker attacks.
Wordfence announced earlier today that a major stored cross site scripting was found in versions 18.104.22.168 and older in the plugin. The vulnerability in the plugin allows the attacker “to send a malicious HTTP User-Agent or Referrer header” to one’s website. Once this happens and the user checks their “Bad Bot Blocker” under the Admin panel, then the attack has full access to the website.
How to Avoid this Attack
Although many websites have All in One SEO Pack installed, not everyone has the same settings. Sites can only be compromised is the “Track Blocked Bots” setting is checked in the plugin — a feature that is not enabled in the default setting. Be sure to make sure this feature is not checked under your All in One SEO Pack plugin for the time being.
It’s also important to keep your WordPress plugins up to date, as older versions have more of a tendency to be susceptible to hacks and viruses. Don’t forget to download a copy of your WordPress files as well as your database in case your site is hacked in the future due to this plugin vulnerability.
Wordfence announced that it’s Premium customers are already protected against this attack after releasing a firewall update. The All in One SEO Pack plugin has also released it’s latest version, 2.3.7 which ensures a fix to this high risk security issue.