The popular All In One SEO Plugin for WordPress has released an update addressing two security issues discovered by Sucuri during a security audit. According to Sucuri, one of the vulnerabilities can be used to escalate privileges while the other deals with Cross Site Scripting attacks.
A logged-in user who doesn’t have administrative capabilities is able to modify certain parameters of the plugin such as the post’s SEO title, description, and meta tags. These changes could cause long-term negative effects to search engine rankings.
Sucuri recommends upgrading the plugin as soon as possible.