Update your #WordPress sites if you use this plugin folks!
Bugs in widely used WordPress plug-in leave sites vulnerable to hijacking
All in One SEO Pack gives unprivileged users admin powers.
David Ford says
the daily wordpress vulnerability? :}
Paul Spoerry says
Considering WordPress powers about 20% off all websites on the Internet it's a pretty big target.
David Ford says
as a security and forensics guy and speaking from experience with monitoring our webhosting datacenters around the world — as a normal thing, wp, wp plugins and tools have some of the lowest quality code in existence. it's not that it's a big target because it's popular, it's a big target because the security of wp itself and wp plugins is just really awful.
Paul Spoerry says
I'd wager that it's more on the plugin end of things; but that's just from my past experience.