Vulnerability Discovered in All in One SEO Pack < 3.6.2
https://www.wordfence.comAll in One SEO Pack WordPress plugin has 2+ million active installations and is a popular SEO plugin for WordPress. In versions prior to 3.6.2, there is a vulnerability that allowed authenticated users with contributor level access or above the ability to inject malicious scripts that would be executed if a victim accessed the wp-admin panel’s ‘all posts’ page.
The issue has been fixed in Version 3.6.2 which is available now from the WordPress Plugin Repo.