Description

Marc-Alexandre Montpas reported two privilege escalation vulnerabilities in the WordPress plugin All in One SEO Pack. If your site has subscribers, authors and non-admin users logging in to wp-admin, you are a risk. If you have open registration, you are at risk, so you have to update the plugin now.

Remediation

Upgrade to the latest version of All in One SEO Pack (this problem was fixed in version 2.1.6).

References

Related Vulnerabilities