The “All in One SEO Pack” plugin has been downloaded over 18.5 million times to date. Security firm Sucuri found two flaws in the plugin that could allow attackers with access to non-administrative WordPress accounts to elevate their privileges. If used maliciously, this could result in damage to a site’s search result ranking. The vulnerability can also be combined with a second flaw to inject malicious JavaScript code into the administrator control panel, where it would execute when the page is loaded. An update can be initiated from the plugin’s administration panel.

