---
title: "WordPress All In One SEO Pack plugin zero-day vulnerability"
description: "It has come to our attention that a zero-day vulnerability has been discovered within the All In One SEO Pack plugin which lets a non-privileged user either modify SEO data in posts or inject..."
url: https://www.inmotionhosting.com/support/edu/wordpress/wordpress-all-in-one-seo-pack-plugin-zero-day-vulnerability/
date: 2014-06-10
modified: 2020-09-23
author: "Jeff Matson"
categories: ["Search Engine Optimization", "WordPress Hosting", "WordPress Tutorials"]
type: post
lang: en
---

# WordPress All In One SEO Pack plugin zero-day vulnerability

It has come to our attention that a zero-day vulnerability has been discovered within the All In One SEO Pack plugin which lets a non-privileged user either modify SEO data in posts or inject javascript into an administrators panel to execute malicious code. The developer has released a patch for this vulnerability which resolves the issue with a simple update of the plugin to version 2.1.6.

## What if I am affected?

If you are affected by the vulnerability in the All In One SEO Pack plugin, update to version 2.1.6 immediately. After doing so, we recommend that you run [Sucuri SiteCheck](https://sitecheck.sucuri.net/) as well to ensure that there is not any compromised code running within your WordPress site.
