All in One SEO Pack Plugin Has a Security Issue and Needs a Prompt Version Update

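Laozuo believes many readers use All in One SEO Pack, an excellent SEO plugin for WordPress. However, a Wordfence security article reports that every version before 3.6.2 has an XSS security issue. If we do not update to the latest version promptly, our site titles could be exploited and modified, which would cause unnecessary trouble for the site.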

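Anyone running All in One SEO Pack 3.6.1 or earlier is affected, so we need to upgrade to 3.6.2, the latest version currently listed in the official WordPress plugin directory. We can either update directly from the admin dashboard or download the plugin manually and replace the files. Laozuo found that I am not using this plugin yet, so there is nothing for me to upgrade.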
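To find copies of the plugin that are still below 3.6.2, the check can be scripted. The following is an added example, not code from the original post or from the plugin: it walks a plugins directory, reads each PHP file's header comment, and flags All in One SEO Pack versions older than 3.6.2. The folder names, file names and the name match (`TARGET`) are assumptions made for the demo.

```python
import re
import tempfile
from pathlib import Path

FIXED = (3, 6, 2)  # first patched release, per the post
# Assumption: the plugin identifies itself with a "Plugin Name:" header containing this text.
TARGET = "all in one seo"
NAME_RE = re.compile(r"^[ \t/*#@]*Plugin Name:[ \t]*(.+?)[ \t\r]*$", re.I | re.M)
VER_RE = re.compile(r"^[ \t/*#@]*Version:[ \t]*([0-9][0-9A-Za-z.\-]*)", re.I | re.M)

def parse_version(text):
    """'3.6.1' -> (3, 6, 1); short versions are zero-padded, suffixes such as '-beta' dropped."""
    parts = []
    for piece in text.split(".")[:3]:
        m = re.match(r"\d+", piece)
        parts.append(int(m.group()) if m else 0)
    return tuple(parts + [0] * (3 - len(parts)))

def audit(plugins_dir):
    """Return (folder, version, needs_update) for each All in One SEO Pack copy found."""
    findings = []
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        # WordPress itself only reads the first 8 KB of a file for the header.
        head = php.read_bytes()[:8192].decode("utf-8", "replace")
        name, ver = NAME_RE.search(head), VER_RE.search(head)
        if name and ver and TARGET in name.group(1).lower():
            findings.append((php.parent.name, ver.group(1),
                             parse_version(ver.group(1)) < FIXED))
    return findings

def build_sample(root):
    """Constructed plugin folders for the demo; folder and file names are made up."""
    samples = {"seo-old": ("All In One SEO Pack", "3.6.1"),
               "seo-new": ("All In One SEO Pack", "3.6.2"),
               "other": ("Hello Dolly", "1.7.2")}
    for folder, (name, ver) in samples.items():
        plugin_dir = Path(root) / folder
        plugin_dir.mkdir(parents=True)
        (plugin_dir / "plugin.php").write_text(
            f"<?php\n/*\nPlugin Name: {name}\nVersion: {ver}\n*/\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for folder, ver, needs_update in audit(build_sample(tmp)):
            status = "update to 3.6.2 or later" if needs_update else "ok"
            print(f"{folder}: {ver} -> {status}")
```

On a real server, pass the site's `wp-content/plugins` path to `audit()` instead of the constructed sample tree.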

Original text:

All in One SEO Pack patched an XSS vulnerability this week that was discovered by the security researchers at Wordfence on July 10. The popular plugin has more than 2 million active installs, according to WordPress.org.

Wordfence researchers categorized it as “a medium severity security issue” that could result in “a complete site takeover and other severe consequences:”

This flaw allowed authenticated users with contributor level access or above the ability to inject malicious scripts that would be executed if a victim accessed the wp-admin panel’s ‘all posts’ page.

Version 3.6.2, released on July 15, 2020, includes the following update in the changelog: “Improved the output of SEO meta fields + added additional sanitization for security hardening.”

All in One SEO Pack users are strongly recommended to update to the latest version. At the time of publishing, just 12% of the plugin’s user base is running versions 3.6.x, which includes the three most recent versions. This leaves more than 1.7 million installations (88% of the plugin’s users) vulnerable.

Many users don’t log into their WordPress sites often enough to learn about security updates in a timely fashion. Plugin authors often don’t advertise the importance of the update on their websites or social media. This is the type of situation that WordPress 5.5 should help to mitigate, as it introduces admin controls in the dashboard that allow users to enable automatic updates for themes and plugins.

Permalink to this article: https://www.laozuo.org/16393.html | 老左笔记
