It has come to our attention that a zero-day vulnerability has been discovered within the All In One SEO Pack plugin which lets a non-privileged user either modify SEO data in posts or inject javascript into an administrators panel to execute malicious code. The developer has released a patch for this vulnerability which resolves the issue with a simple update of the plugin to version 2.1.6.
What if I am affected?
If you are affected by the vulnerability in the All In One SEO Pack plugin, update to version 2.1.6 immediately. After doing so, we recommend that you run Sucuri SiteCheck as well to ensure that there is not any compromised code running within your WordPress site.