If you use the popular "All in One SEO Pack" WordPress plugin, you should update immediately. Two vulnerabilities and one cross-site scripting (XSS) flaw have been discovered.
Sucuri, a web monitoring and malware cleanup service was the first to spot the exploits.
If you're an All in One SEO Pack plugin user and don't update, the best case scenario could be finding yourself removed from Google's search index for spamming. And because a malicious user could change the title, description, and keyword meta tags, it opens up websites to having that information changed by unauthorized third parties.
However, another exploit is much more dangerous for website owners:
The WordPress plugin has more than 18 million downloads, which means a large number of WordPress-based websites are potentially vulnerable, especially if webmasters don't take advantage of automatic updates.
Along with WordPress SEO by Yoast, the All in One SEO Pack is one of the most popular WordPress SEO plugins.
The updated All in One SEO Pack plugin can be downloaded here. As yet, the plugin's creator hasn't made any comment about the situation on his Twitter account or websites.
Optimising Digital Marketing Campaigns with Search, Social and Analytics
At SES London (9-11 Feb) you'll get an overview of the latest tools, tips, and tactics in Paid, Owned, Earned, Integrated Media and Business Intelligence to streamline your marketing campaigns in 2015. Register by 31 October to take advantage of Early Bird Rates.