WPLift is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission.

Weekly WordPress News: Over 1 Million WordPress Sites at Risk Due to AIOS Plugin Vulnerabilities

Last Updated on October 19th, 2023


The All-In-One Security (AIOS) WordPress plugin from UpdraftPlus publishers provides encryption and firewall measures that aim to prevent hackers. It offers a range of security features, including firewall protection against hacking threats, copyright protection, hotlinking prevention, comment spam blocking, and log-in privacy safeguards to keep hackers out. Additionally, the plugin enforces proactive security by alerting users to frequent errors like using the default “admin” username. AIOS is a comprehensive safety solution that is supported by the reputable makers of UpdraftPlus and is highly regarded for its attributes, with over a million WordPress installations.

However, the US government’s National Vulnerability Database (NVD) recently issued two warnings about vulnerabilities in AIOS. The first vulnerability is due to a failure to escape log files, which is a data sanitization error. The second vulnerability is a path traversing flaw that allows attackers to access forbidden files by exploiting a security breach. Both vulnerabilities require admin-level access to initiate an attack, making it more difficult for the attack to succeed. These foreseeable flaws in a security plugin are concerning, but AIOS has been updated to version 5.1.6 to address them. Users are advised to update to at least version 5.1.6, and preferably version 5.1.7, which also resolves a firewall configuration crash.

// Team WPLift




A team of WordPress experts that love to test out new WordPress related software, WordPress plugins and WordPress themes.