Last week, Marc Montpas, a security researcher at Automattic, discovered two severe security vulnerabilities in one of the most popular SEO plugins used by WordPress website owners.

25 Dec 2021

The plugin is used by more than three million websites and, if left unpatched, could cause some serious headaches for WordPress users.

Both vulnerabilities require that the attacker have an account on the website, but the account could be as low-level as a subscriber. WordPress websites by default allow any user on the web to create an account.

By default, new accounts are assigned the subscriber role and do not have any privileges other than writing comments.

However, certain vulnerabilities, such as the ones just discovered, allow these subscriber users to have vastly more privileges than they were intended to have.

When exploited in tandem, these two security holes allow an attacker to take over an unpatched WordPress website.
