
What's Up With WordPress December Edition: 800K Sites Still Affected by SEO Plugin

December 23, 2021

There's always something up with WordPress these days, so much so that we might as well cover a story on it every week. This time, over 800 thousand WordPress sites are still impacted by critical flaws in an SEO plugin.

It's about to get technical, but here's what happened and what was affected.

Earlier in December, two critical security vulnerabilities were discovered in the very popular "All-in-One" SEO plugin, which is installed on more than 3 million WordPress sites. The vulnerabilities could've exposed all those sites to takeover attacks.

The developers who made the plugin have patched it, but there are still roughly 820,000 sites using the outdated version. So, hackers still pose a threat.

Here's what makes these two vulnerabilities dangerous.

All an attack requires is an account with low-level permissions, such as a "Subscriber." Subscriber, by the way, is a WordPress user role, just like these other roles: Contributor, Author, Editor, and Administrator.

Subscribers can comment on WordPress articles and make changes to their profiles. Hackers found a way to exploit this vulnerability by injecting code that cracks the password (SQL Injection Attack) in the backend login page of a WordPress site.

From there, hackers could make themselves an Admin and do as they please by executing malicious code remotely from their homes.

Any WordPress Admins using this outdated All-in-One SEO plugin must update it ASAP. We don't know how WordPress will reach out to all of them, but it's still a threat.

Having plugin problems like this isn't something WebFindYou users have to worry about.

So, if you're a WordPress user, consider making the switch right now.

