Users of the ‘All in One SEO Pack’ plugin for WordPress are being told to update their settings immediately, after flaws with the application were found.
According to Sucuri there are two flaws, each of which could have a different impact on corporate users and their newsfeeds.
The first, less dangerous, flaw could result in blogs being removed from Google’s spam search index. The issue could also result in unauthorised action being taken to modify the essentials of a page, such as page title, meta-tags and description.
In a statement, Sucuri said:
In a later blog post, one of Sucuri’s analyst web developers, Marc-Alexandre Montpas, said that any site with authors, non-admin users and subscribers was at risk.
It is hoped that most users of the plugin pack will have signed up for automatic updates, which will provide a fix to the problem. However, with about 19 million downloads of the tool, it is likely that a significant number of business blogs will remain vulnerable.
Anyone not receiving updates automatically is advised to install the update released at the weekend, which patches the two vulnerabilities.