All In One SEO Vulnerability Affects +3 Million Sites – Search Engine Journal

Security researchers at Jetpack discovered two serious vulnerabilities in the All In One SEO Plugin. The vulnerabilities could allow a hacker to access usernames and passwords and also perform remote code execution exploits.

The vulnerabilities are dependent on each other in order to be successful. The first one is called a Privilege Escalation Attack, which allows a user with a low level of website access privilege (like a subscriber) to raise their privilege level to one with more access privileges (like a website administrator).

The security researchers at Jetpack describe the vulnerability as severe and warn of the following consequences:

“If exploited, the SQL Injection vulnerability could grant attackers access to privileged information from the affected site’s database (e.g., usernames and hashed passwords).”

Authenticated Privilege Escalation

One of the exploits is an Authenticated Privilege Escalation vulnerability that exploits the WordPress REST API, allowing an attacker…

Read Full Story: https://www.searchenginejournal.com/all-in-one-seo-vulnerability-2021/430230/

The post All In One SEO Vulnerability Affects +3 Million Sites – Search Engine Journal first appeared on SEO, Marketing and Social News | OneSEOCompany.com.

source: https://news.oneseocompany.com/2021/12/15/all-in-one-seo-vulnerability-affects-3-million-sites-search-engine-journal_2021121510840.html

Your content is great. However, if any of the content contained herein violates any rights of yours, including those of copyright, please contact us immediately by e-mail at media[@]kissrpr.com.