SEOPress, a popular WordPress SEO plugin with 300k+ active installations, had a serious security issue: an “Object Injection” vulnerability that could let attackers take control of websites. The issue was fixed in the latest update, version 7.9.
What We Need to Know:
- The Issue: An attacker could exploit the plugin’s REST API, leading to potential control over the site.
- Impact: If not fixed, attackers could execute harmful code, steal data, or delete files.
- Solution: Update SEOPress to version 7.9 or later.
Action Required: Update your SEOPress plugin to version 7.9 or later immediately to secure your site. This update includes the necessary patches to secure the vulnerable endpoints.
For more details, visit the WPScan blog post.