The All in One SEO Pack plug-in has security issues and needs to be updated in time

888u

Last updated: 2024-07-07, edited by 888u

Snail believes that many readers are using All in One SEO Pack, an excellent WordPress SEO plug-in. However, according to a Wordfence security article, versions before 3.6.2 have an XSS security issue. If we do not update to the latest version in time, our website title may be modified, which would cause unnecessary trouble for the website.

If we are using All in One SEO Pack 3.6.1 or an earlier version, we are affected by the security issue and need to upgrade to 3.6.2, the latest version currently in the official WP listing. We can either update directly from the admin back end or manually download the new version and replace the old files. Snail is not using this plug-in yet, so there is nothing to upgrade or modify.
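One way to check whether a site is still on an affected release, as an added example that is not from the original post or from the plugin's authors. It uses WP-CLI and assumes the plugin's WordPress.org slug is `all-in-one-seo-pack`; the script name and site paths in the usage comment are placeholders.

```shell
#!/bin/sh
# Added example: flag All in One SEO Pack installs older than the fixed 3.6.2.
FIXED_VERSION="3.6.2"
PLUGIN_SLUG="all-in-one-seo-pack"   # assumed WordPress.org slug of the plugin

# Return 0 when version $1 is strictly older than version $2.
# Components are compared numerically, so 3.10.0 is newer than 3.6.2.
version_lt() {
    [ "$1" = "$2" ] && return 1
    oldest=$(printf '%s\n%s\n' "$1" "$2" |
        sort -t. -k1,1n -k2,2n -k3,3n -k4,4n | head -n 1)
    [ "$oldest" = "$1" ]
}

# Print "vulnerable", "patched" or "not-installed" for a version string.
# An empty string (plugin absent or WP-CLI error) counts as not-installed.
classify_version() {
    if [ -z "$1" ]; then
        echo "not-installed"
    elif version_lt "$1" "$FIXED_VERSION"; then
        echo "vulnerable"
    else
        echo "patched"
    fi
}

# Report one WordPress install (directory in $1); non-zero if it needs the update.
check_site() {
    ver=$(wp plugin get "$PLUGIN_SLUG" --field=version --path="$1" 2>/dev/null) || ver=""
    state=$(classify_version "$ver")
    printf '%s\t%s\t%s\n' "$1" "${ver:-none}" "$state"
    [ "$state" != "vulnerable" ]
}

# Usage: sh check_aioseo.sh /var/www/site1 /var/www/site2   (paths are examples)
# Returns 1 if any listed site still runs a version before 3.6.2.
main() {
    rc=0
    for site in "$@"; do
        check_site "$site" || rc=1
    done
    return "$rc"
}

main "$@"
```

Sites reported as `vulnerable` can then be updated from the dashboard or with `wp plugin update all-in-one-seo-pack`.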

Original content:

All in One SEO Pack patched an XSS vulnerability this week that was discovered by the security researchers at Wordfence on July 10. The popular plugin has more than 2 million active installs, according to WordPress.org.

Wordfence researchers categorized it as “a medium severity security issue” that could result in “a complete site takeover and other severe consequences:”

This flaw allowed authenticated users with contributor level access or above the ability to inject malicious scripts that would be executed if a victim accessed the wp-admin panel’s ‘all posts’ page.

Version 3.6.2, released on July 15, 2020, includes the following update in the changelog: “Improved the output of SEO meta fields + added additional sanitization for security hardening.”

All in One SEO Pack users are strongly recommended to update to the latest version. At the time of publishing, just 12% of the plugin's user base is running versions 3.6.x, which includes the three most recent versions. This leaves more than 1.7 million installations (88% of the plugin's users) vulnerable.

Many users don't log into their WordPress sites often enough to learn about security updates in a timely fashion. Plugin authors often don't advertise the importance of the update on their websites or social media. This is the type of situation that WordPress 5.5 should help to mitigate, as it introduces admin controls in the dashboard that allow users to enable automatic updates for themes and plugins.
