The Sucuri Blog issued a notice that a popular SEO plugin for WordPress web sites had a major security vulnerability.
The plugin name is the “All in One SEO Pack” and the fix is easy, just make sure to update the plugin immediately.
The vulnerability opened up WordPress blogs that used the plugin, that had subscribers, authors and non-admin users logging in to wp-admin. The code in the plugin had two security issues that enabled hackers to:
(1) Conduct privilege escalation
(2) Cross site scripting (XSS) attacks
Again, the fix is simple, just upgrade to the latest version available for this plugin.