Security researchers at Sucuri firm have discovered multiple serious vulnerabilities in the popular All In One SEO Pack plugin for WordPress. The privilege escalation vulnerabilities allow an attacker to add and modify the WordPress websites meta information, impacting negatively on SEO. Nearly 27 million websites running WordPress are vulnerable to brute-force password guessing attacks or lack of proper security settings. Users should update the plugin immediately to the latest version (All in One. SEO Pack 2.1.6) All In One. plugin team has issued a security advisory to inform users of the presence of the. presence of two critical. vulnerabilities and one cross site scripting (XSS) flaw.”]
Source: https://securityaffairs.co/wordpress/25403/hacking/15-million-wordpress-seo-risk.html