Important: Patch Your All in One SEO Pack WordPress Plugin

Jun 3, 2014 • 8:23 am | comments (15) by twitter Google+ | Filed Under SEO - Search Engine Optimization
 

wordpress logoPersonally, I am not a fan of WordPress or software products that are completely open to anyone who can read their code - but that is me. But most of you are probably using WordPress, so it is critical that if you are and if you are using the All in One SEO Pack WordPress Plugin, that you patch it immediately.

There was a serious vulnerability found in the plugin that leaves your site open to major security issues.

Specifically, it leaves you open to privilege escalation and cross site scripting (XSS) attacks.

So go ahead and update it immediately or drop it completely.

Like I said, I personally dislike using software where anyone can read the code and find exploits with ease.

Forum discussion at WebmasterWorld.

Previous story: Bing Is Five Years Old
 

Comments:

Mark

06/03/2014 01:21 pm

Wordpress is better than any off-the-shelf CMS I've ever used in a corporate environment, and about $20,000 less expensive. Anyone who doesn't know how to update their site/plugins, server, or use an HTACCESS/robots.txt file deserves what comes to them...doesn't matter if it's Wordpress or off-the-shelf...

keaner

06/03/2014 01:27 pm

Wordpress is for people who don't know how to use Joomla. Barry aren't you kind of saying you don't like open source then? "Like I said, I personally dislike using software where anyone can read the code and find exploits with ease." Isn't that open source?

Barry Schwartz

06/03/2014 01:30 pm

No, you can use open source languages without giving up everything.

keaner

06/03/2014 01:47 pm

fair enough....this time!! :)

James

06/03/2014 02:38 pm

"Deserves what comes to them ..." - that's nice of you. Many Wordpress users are average joes, they have no idea about all that technical stuff. They use Wordpress precisely because they don't have to be technically minded to use it.

Fedor

06/03/2014 03:34 pm

lol, Joomla is for people that don't know how to use... html or care about running a decent site for that matter. WordPress is sad but nothing is sadder than Joomla.

keaner

06/03/2014 03:36 pm

you have not used or dont know how to use Joomla then . Also free :)

Ben Griffiths

06/03/2014 03:48 pm

And also susceptible to compromise...

keaner

06/03/2014 03:58 pm

everything is. period. No system is uncrackable. But the power difference between Joomla and WP is undeniable :)

Thomas

06/03/2014 06:22 pm

joomla is much harder for your typical business owner to understand. when you build someone a site and you are ready to be on to the next project, wordpress allows me to point past clients to the millions of tutorials on youtube for your average site update or edit. the folks that had a site built in joomla forever need assistance, not worth the headache. wordpress is the easiest learning curve for a cms. and its updated regularly. and there are a bazillion plugins to make it do whatever you need it to... joomla, not so much. joomlas for goobers that want to think they are cool for using something more technical with less features so you can nickle and dime people for dumb shit.

Davis Johnson

06/03/2014 06:50 pm

WP is just a good foundation to start from. You can always write your own code on top of it. I don't understand how your giving anything away.

Arthur Morehead

06/03/2014 11:03 pm

As far as I know that patch for AIOSEO was taken care of two updates ago. Am I wrong?.

gregory smith

06/04/2014 04:30 am

It has been fixed.

David Watkinson

06/04/2014 05:32 am

I think your point is valid. If you are using all standard items, that are released as open source, then you are showing your arsenal. Thus making it easier for attacks. In my opinion, WordPress is pretty useless on its own, it lacks many feature and has little security. It is like the base plate in lego. Not much use on its own, but it is what you make it into. I don't think it matters what plugins you use, but you do need to hide them so that if a vulnerability like this opens up, no would be attackers can tell that you use the plugin.

James

06/04/2014 07:13 am

Can you elaborate on "power difference" - what do you mean? Speed of page load? Potential? It's a genuine question as I always use Wordpress but if Joomla has advantages I would like to know. Thanks.

blog comments powered by Disqus