Wordfence is reporting that serious vulnerabilities have been found in the "All-In-One SEO Pack", version 2.3.7. If you're using this plugin, you should update it ASAP. Yesterday afternoon the plugin author released version 2.3.8, which fixes the vulnerability.

This is an unauthenticated stored XSS vulnerability: it allows an attacker to inject JavaScript code into a page that requires admin privileges to view. When a site admin visits the page, the malicious code runs and can perform administrative actions such as modifying existing user privileges, creating a new admin user or stealing admin session tokens.

It's always a good idea to check your users fairly often, to make sure none have been added that you don't recognize. It's also a good idea to periodically change your users' passwords.
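One way to run that user check is sketched below. It is an added example, not code from Wordfence or the plugin author. It reads a WP-CLI user export and flags every administrator you did not expect, separating newly created admins from existing accounts whose privileges were raised. The sample rows, the list of known admins and the `exposed_since` date are constructed assumptions.

```python
import csv
import io
from datetime import datetime

# Constructed sample in the shape produced by:
#   wp user list --fields=ID,user_login,user_email,user_registered,roles --format=csv
SAMPLE_CSV = """\
ID,user_login,user_email,user_registered,roles
1,siteowner,owner@example.com,2014-03-02 09:15:00,administrator
7,editor_jane,jane@example.com,2015-11-20 14:02:31,"administrator,editor"
12,wpsupport,support@example.net,2016-07-12 03:41:09,administrator
13,newsletter,news@example.com,2016-07-12 10:00:00,subscriber
"""


def audit_admins(csv_text, known_admins, exposed_since):
    """Return (login, finding) for every administrator not in known_admins.

    exposed_since is the date the site started running the vulnerable plugin
    version (a value you supply). An unexpected admin registered before it
    points to a privilege change on an existing user; one registered on or
    after it points to a newly created admin account.
    """
    known = {name.lower() for name in known_admins}  # compare case-insensitively
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        # A user can hold several roles; WP-CLI joins them with commas.
        roles = {r.strip() for r in row["roles"].split(",")}
        if "administrator" not in roles:
            continue
        login = row["user_login"]
        if login.lower() in known:
            continue
        registered = datetime.strptime(row["user_registered"], "%Y-%m-%d %H:%M:%S")
        if registered >= exposed_since:
            findings.append((login, "new administrator account"))
        else:
            findings.append((login, "existing account now administrator"))
    return findings


if __name__ == "__main__":
    for login, finding in audit_admins(SAMPLE_CSV, {"siteowner"}, datetime(2016, 7, 1)):
        print(f"REVIEW {login}: {finding}")
```

Checking only for recently registered accounts would miss `editor_jane` in the sample, because a privilege change leaves the original registration date untouched; comparing against a list of expected admins catches both cases.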

LazyLizard's WordPress Security Protection would have protected you from this vulnerability by automatically updating your plugin when the new version was released.

If you haven't yet signed up for LazyLizard's WordPress Security Protection, please do so to get automatic updates for all your plugins as soon as they're released.  You will also get a free complete security audit of your WordPress site, along with our personal recommendations to keep your site as safe as possible.  

You do not have to host your website with LazyLizard in order to use our WordPress Security Protection. 

Wednesday, July 13, 2016
