AIOSEO Blog

WordPress Tutorials, Tips, and Resources to Help Grow Your Business

Important update to All in One SEO Pack Pro – version 2.3.6.2

Updated on Written By: author image Steve Mortiboy
author image Steve Mortiboy
Steve has over 25 years of project management and service delivery experience. He started his career in defense communications before moving to the British Ministry of Defence where he worked for the British Army. For the past 15 years, Steve has worked in IT, managing large projects and enterprise clients. Recently he has worked with entrepreneurs and small businesses helping them to meet the needs of their growing client base. A recent immigrant from England, he brings some international flavor to the team.
See Full Bio
Reviewed By: Ben Rojas
reviewer image Ben Rojas
Ben Rojas is an expert WordPress developer and the President of All in One SEO (AIOSEO). With a robust foundation in the IT sector spanning over 25 years, Ben has developed a profound expertise in technology and digital landscapes.
See Full Bio
LinkedIn

In conjunction with many other plugin developers, we have released an update to All in One SEO Pack Pro today which patches a security vulnerability within our plugin.  This vulnerability affects only users who have activated the File Editor module in All in One SEO Pack Pro.  Our standard guidance is to leave this module deactivated and only activate it as and when you need to make changes to your .htaccess and robots.txt files.

You can read more information regarding this Cross-site Scripting (XSS) and the plugins affected on the Sucuri blog here.

In addition to patching this vulnerability, this release also includes changes the plugin for Taxonomy Term Splitting so that the plugin is compatible with WordPress version 4.2 which is due out very soon.

We strongly urge all users to update to the latest version of All in One SEO Pack Pro (version 2.3.6.2).  Make sure you update ALL other affected plugins.

Our thanks go to Joost de Valk for identifying this vulnerability.

Want to Try AIOSEO for Free?

Enter the URL of your WordPress website to install AIOSEO Lite.

Please enable JavaScript in your browser to complete this form.

Disclosure: Our content is reader-supported. This means if you click on some of our links, then we may earn a commission. We only recommend products that we believe will add value to our readers.

author avatar
Steve Mortiboy
Steve has over 25 years of project management and service delivery experience. He started his career in defense communications before moving to the British Ministry of Defence where he worked for the British Army. For the past 15 years, Steve has worked in IT, managing large projects and enterprise clients. Recently he has worked with entrepreneurs and small businesses helping them to meet the needs of their growing client base. A recent immigrant from England, he brings some international flavor to the team.
See Full Bio
SEO WordPress
social network icon

Add a Comment

We're glad you have chosen to leave a comment. Please keep in mind that all comments are moderated according to our privacy policy, and all links are nofollow. Do NOT use keywords in the name field. Let's have a personal and meaningful conversation.