'All in One SEO' WordPress plugin vulnerability - 20240522002¶
Overview¶
A security vulnerability has been discovered in All in One SEO (AIOSEO), a widely used WordPress plugin with over 3 million active installations. This vulnerability, designated as CVE-2024-3368, enables attackers to inject malicious code into websites, potentially leading to unauthorized access, data theft, and website defacement
What is vulnerable?¶
| CVE | Severity | CVSS | Product(s) Affected | Dated |
|---|---|---|---|---|
| CVE-2024-3368 | N/A | N/A | The All in One SEO WordPress plugin before 4.6.1.1 | 20-May-2024 |
What has been observed?¶
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
Recommendation¶
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of one month... (refer Patch Management):