The popular WordPress All in One SEO plugin has two vulnerabilities (CVE-2021-25036 and CVE-2021-25037), which make many thousands of websites vulnerable. If you use the plugin, you should immediately look for an update, otherwise it will be like waiting for you to be hacked.
All in One SEO is a WordPress plugin released in 2007. We avoid such add-ons as the devil incense.
Why; There are many reasons, but we will mention three:
If a site does not have relevant content, an SEO plugin will do nothing, otherwise if the content is interesting and possibly unique, the site will be in the search engines.
Second, complex SEO add-ons (see AIO SEO, Yoast) suffer again and again from weaknesses and malfunctions and this has attracted attention. So it will be good for your site to use as few WordPress plugins as possible.
Thirdly, this plugin has been purchased by the owner of Wpbeginner, a well-known site that supposedly offers advice to WordPress friends, but actually promotes its own expensive products. Of course, you can live without them, but the way they are presented to beginners and ignorant makes them extremely necessary.
The WordPress All in One SEO plugin has two critical security vulnerabilities in older versions. Automattic security researcher Marc Montpas discovers and identifies security vulnerabilities CVE-2021-25036 and CVE-2021-25037.
The developers of the plugin released version 4.1.5.3 with a security patch 14 days ago. Therefore, those who use the add-on should inform immediately. There are currently about 800.000 users who have not updated.