WordPress plugin All in One SEO Pack privilege escalation vulnerabilities
Description
The All in One SEO Pack plugin for WordPress, in versions prior to 2.1.6, contains privilege escalation vulnerabilities that allow authenticated users with low-privilege roles (subscriber, contributor, or author) to perform actions that should be restricted to administrators. These vulnerabilities pose a significant risk to sites that allow open user registration, or that otherwise give non-administrator accounts login access to the WordPress admin panel (wp-admin), because any such account can be used to exploit them.
Remediation
Immediately upgrade the All in One SEO Pack plugin to version 2.1.6 or later to remediate this vulnerability. Follow these steps:
1. Navigate to the WordPress admin dashboard and go to Plugins → Installed Plugins
2. Locate 'All in One SEO Pack' in the plugin list
3. Click 'Update Now' if an update is available, or manually download version 2.1.6+ from the official WordPress plugin repository
4. After updating, verify that the installed version is 2.1.6 or higher (check the Version column on the Installed Plugins page, or the 'Version:' line in the header comment of the plugin's main PHP file)
5. Review user accounts and audit recent administrative actions for any suspicious activity
6. If open registration is enabled but not required, disable it by unchecking 'Anyone can register' under Settings → General → Membership