We have been notified that a vulnerability within the All In One SEO Pack WordPress plugin that allows non-privileged users to modify the SEO data as well as inject arbitrary code within the site. The developer has released a patch for this vulnerability which resolves the issue with a simple update of the plugin to version 2.1.6.
What if I am affected?
If you are currently running the All In One SEO Pack plugin on your WordPress site, update it to version 2.1.6 immediately. After doing so, we recommend that you run Sucuri SiteCheck as well to ensure that there is not any compromised code running within your WordPress site.