Security Update for All in One SEO Pack

There are 5 comments, join the conversation

Semper Plugins announces the release of All in One SEO Pack 2.3.8, and All in One SEO Pack Pro 2.4.8, a security update to previous releases. We recommend that users of All in One SEO and All in One SEO Pack Pro upgrade as soon as they are able to do so. 

This release closes a security vulnerability first identified by David Vaartjes in a security hackathon last week. After notifying us, we immediately issued 2.3.7 to patch the issue and protect our customers, which we estimate to have affected less than 0.5% of our customer base. 

Meanwhile, we sought out any similar vulnerabilities in our code base, and asked WordFence, who helped us identify an additional case, to verify our fix, which they have. 

As a third precautionary step, we are currently undergoing independent audits from WordFence, Sucuri and Mark Jacquith, the three most trusted names in WordPress security. While one source might be sufficient, we are going above and beyond in our due diligence to ensure that our codebase and our customers are as secure as possible. 

Although All in One SEO Pack continues to be your best SEO solution for WordPress, bolstered by almost 30 million downloads and 5 million active users, we expect future updates in the coming months as we adopt any recommendations from our security audits to harden our codebase.  As with any plugin, theme or WordPress core, we recommend staying up to date with updates. 

We want to thank David Vaartjes for their responsible reporting. As noted above, a release was issued immediately for the above issue (2.3.7) which we believe would only have been able to affect 0.5% or less of our users. Now we’ve gone even further, scouring our code base for potential vulnerabilities and issuing an additional release today (2.3.8) which WordFence has verified. 

Michael founded the company with the values of a Marine Corps combat veteran. As the developer of All in One SEO Pack, the No. 1 most downloaded WordPress plugin, Michael loves his work as much as driving his Audi. With his free time, he tries to fulfill his childhood dream: travel the world and taste good food. Fall is Michael’s favorite season because college football is on and he’s a Hokie. Oh yeah, he studied Computer Science at NC State University, and wore Hokie gear the entire time! You can connect with Michael at his personal blog and follow him on Twitter. Interested in working with Michael on your next project? Click here or call 855-284-5940 to discuss how we can make your project work for you! You can find Michael at http://michaeltorbert.com

5 comments on “Security Update for All in One SEO Pack
  1. pagos@topteamlatinos.com says:

    Please could you send me the link for download .zip file with the version 2.4.8 i’m having problems downloading files in my pc. thanks

  2. Jaison Rodriguez says:

    Do you have any trial or demo in the All in SEO Pack Pro v2.4.8?

  3. Takashi Yamaguchi says:

    My version is 2.3.4.2.
    Should I update?

Leave a Reply

Your email address will not be published. Required fields are marked *

*

Skip to toolbar