This WordPress SEO plugin might leave your website vulnerable to attack

Wordfence’s Threat Intelligence team has discovered a vulnerability in a WordPress plugin installed on over two million sites called All In One SEO Pack.

If exploited, the flaw could allow authenticated users with contributor level access or higher to inject malicious scripts which are executed when a victim accesses the wp-admin panel’s ‘all posts’ page.