Vulnerabilities in popular WordPress SEO plug-ins used by more than 3 million website owners. If left unpatched, the vulnerabilities could enable an attacker to take advantage of a privilege-escalation bug and an SQL-injection problem. The two vulnerabilities are in All in One SEO, which was launched in 2007 and is used by WordPress website owners to ensure their websites rank higher in search engines. When paired, they can become an exploit chain that could take over the websites – if the attacker has an account on the website, which can simply be a subscriber account.”]
Source: https://www.cuinfosecurity.com/flaws-in-wordpress-plug-in-put-3-million-websites-at-risk-a-18194