WordPress's All in One SEO Pack Plugin is Currently Vulnerable
The easiest way to break into a website running WordPress is often through the open doors and holes that its plugins leave behind. I stand by this statement more and more each day as I read about yet another popular plugin with a vulnerability.
The vulnerability lies in the plugin's Bot Blocker functions. It can be exploited remotely by sending the website HTTP requests carrying crafted User-Agent or Referer headers.
The Bot Blocker feature was designed to detect and block spambots based on the User-Agent and Referer values of a request, according to security researcher David Vaartjes, who found and reported the vulnerability.
When the Track Blocked Bots option is enabled, the plugin logs every blocked request and displays the log on an HTML page inside the administration panel.
This results in a stored cross-site scripting (XSS) vulnerability: malicious code placed in a logged header is executed every time someone views the log page. Because that page lives in the administration panel, the viewer will most likely be the site administrator, and the injected code can easily steal their session tokens.
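To make the failure mode concrete, here is an added illustration that is not the plugin's actual code: a minimal blocked-request log rendered raw into an admin table, beside the same log rendered through WordPress's esc_html(). The fallback esc_html() definition and the constructed sample request are assumptions so the snippet runs outside WordPress.

```php
<?php
// Added example, not All in One SEO Pack's code. Assumption: esc_html() is
// absent when run outside WordPress, so a functionally equivalent fallback
// (entity-encode <, >, &, quotes) is defined here.
if (!function_exists('esc_html')) {
    function esc_html(string $text): string {
        return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    }
}

// Record the two header values a bot blocker reasons about. Both are fully
// attacker-controlled, so cap their length before they reach storage.
function record_blocked_request(array &$log, array $server, string $rule): void {
    $log[] = [
        'time'    => gmdate('c'),
        'rule'    => $rule,
        'ua'      => substr($server['HTTP_USER_AGENT'] ?? '', 0, 512),
        'referer' => substr($server['HTTP_REFERER'] ?? '', 0, 512),
    ];
}

// Vulnerable rendering: header values are interpolated straight into HTML,
// so a <script> tag logged from a request runs in the administrator's browser.
function render_log_vulnerable(array $log): string {
    $html = "<table>\n";
    foreach ($log as $row) {
        $html .= "<tr><td>{$row['time']}</td><td>{$row['rule']}</td>"
               . "<td>{$row['ua']}</td><td>{$row['referer']}</td></tr>\n";
    }
    return $html . "</table>\n";
}

// Hardened rendering: every untrusted value is escaped at the point where it
// enters an HTML text node, which is what the upstream fix amounts to.
function render_log_hardened(array $log): string {
    $html = "<table>\n";
    foreach ($log as $row) {
        $html .= '<tr><td>' . esc_html($row['time']) . '</td><td>' . esc_html($row['rule']) . '</td>'
               . '<td>' . esc_html($row['ua']) . '</td><td>' . esc_html($row['referer']) . '</td></tr>' . "\n";
    }
    return $html . "</table>\n";
}

// Constructed sample: a blocked spambot whose User-Agent carries a script tag.
$log = [];
record_blocked_request($log, [
    'HTTP_USER_AGENT' => 'SpamBot/1.0 <script>alert(1)</script>',
    'HTTP_REFERER'    => 'http://example.invalid/',
], 'user-agent blocklist');

assert(strpos(render_log_vulnerable($log), '<script>') !== false); // payload survives intact
assert(strpos(render_log_hardened($log), '<script>') === false);   // becomes &lt;script&gt;
echo render_log_hardened($log);
```

The same escaping discipline applies to any other place a blocked request's headers are shown, such as an attribute value (esc_attr()) or a JavaScript context, since the log is a sink for data the attacker chose.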
The developer of All in One SEO Pack, a company called Semper Fi Web Design, released version 2.3.7 on Friday to fix this vulnerability. Users of the plugin are strongly recommended to upgrade to this version as soon as possible, or at least to make sure the Track Blocked Bots setting is not enabled.
All in One SEO Pack provides a wide range of search engine optimization features meant to increase a website's visibility in search results. According to statistics from the WordPress plugins repository, it is a very popular plugin, with over one million active installations.