What's Up With WordPress December Edition: 800K Sites Still Affected by SEO Plugin

December 23, 2021
There's so often something up with WordPress these days that we might as well cover a story on it every week. This time, over 800 thousand WordPress sites are still impacted by critical flaws in an SEO plugin.

It's about to get technical, but here's what happened and what was affected.

Earlier in December, two critical security vulnerabilities were discovered in the very popular All-in-One SEO plugin, which is installed on more than 3 million WordPress sites. The vulnerabilities could have exposed all those sites to takeover attacks.

The developers who made the plugin have patched it, but there are still roughly 820,000 sites using the outdated version. So hackers still pose a threat.

Here's what makes these two vulnerabilities dangerous.

All an attack requires is an account with low-level permissions, such as a Subscriber. "Subscriber," by the way, is a WordPress user role, just like Contributor, Author, Editor, and Administrator.

Subscribers can comment on WordPress articles and make changes to their profiles. But hackers found a way to exploit these vulnerabilities by injecting code that cracks the password (a SQL injection attack) in the backend login page of a WordPress site.

From there, hackers could make themselves an admin and do as they please by executing malicious code remotely from their homes.

Any WordPress admins using this outdated All-in-One SEO plugin must update it ASAP. We don't know how WordPress will reach out to all of them, but it's still a threat.

Having plugin problems like this isn't something that a WebFindYou user has to worry about.

So, if you're a WordPress user, consider making the switch right now.
