Quite a few site experts have been voicing concern about vulnerabilities found in the All in One SEO Pack WordPress plugin. This is an alarm signal for anyone who depends on the popular All in One SEO plugin and has not updated to version 2.1.6 or above over the last month. If you belong to this group, you need to act immediately. The plugin has a number of vulnerabilities that allow attackers to add or modify SEO parameters, which can lead to severe penalties in search rankings. In addition, attackers can use the flawed code to inject malicious JavaScript into the admin's control panel. The team behind All in One SEO Pack has released version 2.1.6, which addresses these vulnerabilities.

Experts have identified two privilege escalation vulnerabilities that affect sites running All in One SEO Pack. Your site is at risk if subscribers, authors and other non-admin users log in to wp-admin. Open registration puts you at even greater risk, so you need to address this by updating to the new version of the plugin.

While analyzing the code, experts discovered two major security flaws that enable attacks ranging from privilege escalation to cross-site scripting (XSS). In the first case, a logged-in user without administrative privileges, such as an author, could add or modify certain parameters used by the plugin. These include a post's SEO title, description and keyword meta tags. Used maliciously, such changes can have a negative impact on the site's SERP (search engine results page) ranking.

Some may not find this very worrying if they do not attach much importance to search engine rankings. For them, the second case is the real threat. The second vulnerability allows malicious JavaScript code to be executed in an administrator's control panel. This means attackers can run JavaScript that performs destructive actions such as changing the admin's account password. They can also leave a backdoor that gives access to your website's files, which can be used for further malicious activity at a later stage.

If you are wondering how to prevent this from happening to your site, the answer is simple: update to the most recent version of the plugin. Some industry experts have also released software that protects customers from such threats, which could be a good option as well. Whichever route you take, act early, before any damage is done to your site.
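To turn the update advice and the risk factors described earlier (non-admin logins, open registration) into a repeatable check, here is an added example that is not code from the plugin or its developers. It reads the `Version:` field from a WordPress plugin header and compares it numerically with 2.1.6; the sample header, the function names and the exposure labels are constructed for illustration.

```python
import re

FIXED = (2, 1, 6)  # first fixed release named in the article

# Constructed sample of a WordPress plugin header comment (not copied from the plugin).
SAMPLE_HEADER = """<?php
/*
Plugin Name: All In One SEO Pack
Version: 2.1.5
*/
"""

def header_version(php_source):
    """Return the Version: field of a WordPress plugin header, or None."""
    m = re.search(r"^[ \t/*#@]*Version:\s*(\S+)", php_source,
                  re.MULTILINE | re.IGNORECASE)
    return m.group(1) if m else None

def version_tuple(version):
    """Turn '2.1.10' into (2, 1, 10); a plain string compare would sort it before 2.1.6."""
    parts = [int(p) for p in re.findall(r"\d+", version)[:3]]
    return tuple(parts + [0] * (3 - len(parts)))

def exposure(php_source, non_admin_logins, open_registration):
    """Classify a site using the version and the two risk factors from the article."""
    version = header_version(php_source)
    if version is None:
        return "unknown"
    if version_tuple(version) >= FIXED:
        return "patched"
    if open_registration:
        return "vulnerable-open-registration"   # anyone can obtain a login
    if non_admin_logins:
        return "vulnerable-non-admin-users"     # existing low-privilege accounts
    return "vulnerable-admin-only"              # still update

if __name__ == "__main__":
    print(header_version(SAMPLE_HEADER),
          exposure(SAMPLE_HEADER, non_admin_logins=True, open_registration=True))
```
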