Security Update for All in One SEO Pack

Semper Plugins announces the release of All in One SEO Pack 2.3.8, and All in One SEO Pack Pro 2.4.8, a security update to previous releases. We recommend that users of All in One SEO and All in One SEO Pack Pro upgrade as soon as they are able to do so. 

This release closes a security vulnerability first identified by David Vaartjes in a security hackathon last week. After notifying us, we immediately issued 2.3.7 to patch the issue and protect our customers, which we estimate to have affected less than 0.5% of our customer base. 

Meanwhile, we sought out any similar vulnerabilities in our code base, and asked WordFence, who helped us identify an additional case, to verify our fix, which they have. 

As a third precautionary step, we are currently undergoing independent audits from WordFence, Sucuri and Mark Jacquith, the three most trusted names in WordPress security. While one source might be sufficient, we are going above and beyond in our due diligence to ensure that our codebase and our customers are as secure as possible. 

Although All in One SEO Pack continues to be your best SEO solution for WordPress, bolstered by almost 30 million downloads and 5 million active users, we expect future updates in the coming months as we adopt any recommendations from our security audits to harden our codebase.  As with any plugin, theme or WordPress core, we recommend staying up to date with updates. 

We want to thank David Vaartjes for their responsible reporting. As noted above, a release was issued immediately for the above issue (2.3.7) which we believe would only have been able to affect 0.5% or less of our users. Now we’ve gone even further, scouring our code base for potential vulnerabilities and issuing an additional release today (2.3.8) which WordFence has verified. 

Want to Try AIOSEO for Free?

Enter the URL of your WordPress website to install AIOSEO Lite.

Please enable JavaScript in your browser to complete this form.

Disclosure: Our content is reader-supported. This means if you click on some of our links, then we may earn a commission. We only recommend products that we believe will add value to our readers.

author avatar
Michael Torbert

Add a Comment

We're glad you have chosen to leave a comment. Please keep in mind that all comments are moderated according to our privacy policy, and all links are nofollow. Do NOT use keywords in the name field. Let's have a personal and meaningful conversation.

5 comments on “Security Update for All in One SEO Pack