All in One SEO Pack plugin has a security issue and must be updated immediately

2021-04-11 01:16 jianzhan

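If you are using All in One SEO Pack 3.6.1 or any earlier version, it has a security issue, so you need to upgrade to the latest release on the official WordPress site, version 3.6.2. You can either update directly from the admin dashboard or download the new version manually and replace the old files. Laozuo found that I don't use this plugin at all, so there is nothing for me to upgrade or change.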

Full text:

All in One SEO Pack patched an XSS vulnerability this week that was discovered by the security researchers at Wordfence on July 10. The popular plugin has more than 2 million active installs, according .

Wordfence researchers categorized it as “a medium severity security issue” that could result in “a complete site takeover and other severe consequences:”

This flaw allowed authenticated users with contributor level access or above the ability to inject malicious scripts that would be executed if a victim accessed the wp-admin panel’s ‘all posts’ page.

Version 3.6.2, released on July 15, 2020, includes the following update in the changelog: “Improved the output of SEO meta fields + added additional sanitization for security hardening.”

All in One SEO Pack users are recommended to update to the latest version. At the time of publishing, just 12% of the plugin’s user base is running versions 3.6.x, which includes the three most recent versions. This leaves more than 1.7 million installations (88% of the plugin’s users) vulnerable.

Many users don’t log into their WordPress sites often enough to learn about security updates in a timely fashion. Plugin authors often don’t advertise the importance of the update on their websites or social media. This is the type of situation that WordPress 5.5 should help to mitigate, as it introduces admin controls in the dashboard that allow users to enable automatic updates for themes and plugins.
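As an added example (not part of the original post or the plugin's own code), the Python audit below walks WordPress roots, reads each plugin file header, and flags All in One SEO Pack installs older than 3.6.2. The header name being matched, the `wp-content/plugins/*/*.php` layout, and the two sample installs are assumptions constructed for the demonstration.

```python
import re
import tempfile
from pathlib import Path

FIXED = (3, 6, 2)  # first patched release, per the article
PLUGIN_NAME = "all in one seo pack"  # assumed header name, matched case-insensitively
# WordPress reads "Key: value" metadata lines from the first 8 KiB of a plugin file.
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t]*$", re.I | re.M)


def read_header(php_file):
    """Return {'plugin name': ..., 'version': ...} from a plugin file header."""
    text = php_file.read_bytes()[:8192].decode("utf-8", "replace")
    return {k.lower(): v.strip() for k, v in HEADER.findall(text)}


def version_tuple(version):
    """'3.6.1' -> (3, 6, 1); padded so that '3.6' compares as 3.6.0."""
    nums = [int(n) for n in re.findall(r"\d+", version)[:3]]
    return tuple(nums + [0] * (3 - len(nums)))


def audit(roots):
    """Yield (plugin_dir, version, needs_update) for each install found."""
    for root in roots:
        for php in sorted(Path(root).glob("wp-content/plugins/*/*.php")):
            meta = read_header(php)
            if not meta.get("plugin name", "").lower().startswith(PLUGIN_NAME):
                continue
            ver = meta.get("version", "")
            # A missing or unparsable version is flagged for manual review.
            yield str(php.parent), ver, (not ver) or version_tuple(ver) < FIXED


def demo():
    """Build two constructed installs (3.6.1 and 3.6.2) and audit them."""
    with tempfile.TemporaryDirectory() as tmp:
        for site, ver in (("site-a", "3.6.1"), ("site-b", "3.6.2")):
            d = Path(tmp, site, "wp-content/plugins/all-in-one-seo-pack")
            d.mkdir(parents=True)
            (d / "plugin.php").write_text(
                f"<?php\n/*\nPlugin Name: All In One SEO Pack\nVersion: {ver}\n*/\n")
        return [(v, bad) for _, v, bad in audit(sorted(Path(tmp).iterdir()))]


if __name__ == "__main__":
    print(demo())
```

Pass `audit()` the document roots of the sites you manage; comparing versions as integer tuples keeps a release such as 3.6.10 from being misread as older than 3.6.2.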
