If you’re running a WordPress website and you have the hugely popular All in One SEO Pack plug-in installed, it’s a good idea to update it as soon as possible. The latest version released Friday fixes a flaw that could be used to hijack the site’s admin account.
The vulnerability is in the plug-in’s Bot Blocker functionality and can be exploited remotely by sending HTTP requests with specifically crafted headers to the website.
The Bot Blocker feature is designed to detect and block spam bots based on their user agent and referer header values, according to security researcher David Vaartjes, who found and reported the issue.
To read this article in full or to leave a comment, please click here