Serious flaw fixed in widely used WordPress plug-in

Serious flaw fixed in widely used WordPress plug-in

If you’re running a WordPress website and you have the hugely popular All in One SEO Pack plug-in installed, it’s a good idea to update it as soon as possible. The latest version released Friday fixes a flaw that could be used to hijack the site’s admin account.

The vulnerability is in the plug-in’s Bot Blocker functionality and can be exploited remotely by sending HTTP requests with specifically crafted headers to the website.

The Bot Blocker feature is designed to detect and block spam bots based on their user agent and referer header values, according to security researcher David Vaartjes, who found and reported the issue.

To read this article in full or to leave a comment, please click here

Source: Security

0Shares

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.