All In One SEO Vulnerability Affects +3 Million Sites
Security researchers at Jetpack discovered two serious vulnerabilities in the All In One SEO Plugin. The vulnerabilities could allow a hacker to access usernames and passwords and also perform remote code execution exploits.
The vulnerabilities are dependent on each other in order to be successful. The first one is called a Privilege Escalation Attack, which allows a user with a low level of website access privilege (like a subscriber) to raise their privilege level to one with more access privileges (like a website administrator).
The security researchers at Jetpack describe the vulnerability as severe and warn of the following consequences:
“If exploited, the SQL Injection vulnerability could grant attackers access to privileged information from the affected site’s database (e.g., usernames and hashed passwords).”
Authenticated Privilege Escalation
One of the exploits is an Authenticated Privilege Escalation vulnerability that exploits the WordPress REST API, allowing an attacker to access usernames and passwords.
In the All In One SEO plugin the problem was in the security checks that verify if a user accessing an API endpoint had the right privilege credentials.
According to Jetpack:
“The privilege checks applied by All In One SEO to secure REST API endpoints contained a very subtle bug that could’ve granted users with low-privileged accounts (like subscribers) access to every single endpoint the plugin registers.
…Since it didn’t account for the fact that WordPress treats REST API routes as case-insensitive strings, changing a single character to uppercase would completely bypass the privilege checks routine.”
Authenticated SQL Injection
The second exploit is an Authenticated SQL Injection. This relies on an attacker first having some user credentials, even one as low as a website subscriber.
Updating SEO Plugin Recommended
This vulnerability affects versions 4.0.0 through 4.1.5.2. The latest version at this time, 4.1.5.3 is the safest version to update to. The security researchers at Jetpack recommend updating to the latest version.
Source: All In One SEO Vulnerability Affects +3 Million Sites
3 do’s and don’ts for attracting new clients
As we approach the end of another year, businesses are formulating their goals for the year to come, which may also mean a re-evaluation of the partners they’ve enlisted to reach those goals.
Likewise, agencies, freelancers and consultants are also looking to fill their rosters for the year ahead. As the search marketing industry has matured, competition has grown more intense, increasing the stakes of your marketing efforts.
To that end, numerous search practitioners have shared the strategies that have won them clients as well as the methods they don’t recommend for attracting new business.
Figure out your identity and lean in
Clearly defining what you are about (as an agency or a professional) enables you to be transparent about your limitations. This can also be a sales strength “because when you are able to be completely honest about what it is you do NOT do, then it (a) keeps expectations firmly where they should be from both parties and (b) attracts the clients looking for that,” Williams said, adding, “I recently had someone exclaim on a sales call, ‘It is so refreshing to hear someone just be honest with us! I’m so sick of being sold to!’”
Share your expertise
Demonstrating your knowledge by helping others can help establish you as a trusted source of knowledge, which can help promote your business. “We work to put out a helpful marketing blog post once a month and put together a weekly digital marketing news show/podcast,” said Greg Finn, partner at Cypress North and host of the Marketing O’Clock podcast, noting that he’s received new clients from both tactics.
Partner with non-search marketing agencies
Clients are often in need of marketing-adjacent services, which can be an opportunity for a referral. “We work with partners to sell other related services,” said digital marketing consultant Joe Youngblood, “For example, we might work with a design agency to sell website designs for a new, up and coming CMS. That design agency, in turn, promotes our SEO services,” he said, adding that, in some cases, a custom solution involving his services along with those of another, non-search marketing agency can be created for clients. “This leads to a percentage of the clients converting to long-term SEO clients,” he said.
Providing free work remains divisive
Giving potential clients a sample of your work can go a long way in proving its quality. However, this tactic is somewhat controversial due to the ethical implications of performing free work, and because there’s no guarantee that the initial investment on your end will yield returns.
Strategies to avoid
Answering a request for proposal (RFP) may seem like an easy way to get your services in front of a high-intent client, but the search marketers that spoke to Search Engine Land for this article do not advocate doing so. “Without the ability to have a full conversation, RFPs can really put a damper on fruitful conversations, especially when they are open to public bidding,” Finn said.
Signing a client is just the first step
Once the client is onboarded, the real work begins. The quality of your work can greatly influence client renewals as well as new client opportunities.
Source: 3 do’s and don’ts for attracting new clients
Adobe Announces Free Creative Cloud Express
Adobe announced a free creative suite that contains the core functionality of Photoshop, Illustrator, and Premiere Pro. Creative Cloud Express is aimed at non-experienced users, comes with 1 Million free stock images, thousands of templates and will soon feature social media tools.
Design Tools With No Learning Curve
Adobe designed the free editing suite so that anyone can use it, even people with no experience.
“Creative Cloud Express draws on our decades of experience working with the creative community. It makes the core technology in our industry-leading products like Photoshop, Illustrator, and Premiere Pro available with just a few clicks — and with no learning curve.”
The free versions of Adobe’s tools are available as a suite called Creative Cloud Express. The suite is available on the web, in Microsoft stores and on apps for iOS and Android.
Screenshot of Adobe Creative Cloud Templates:
A thoughtful aspect of Creative Cloud Express is it’s connection with the premium Creative Cloud.
Creative Cloud Express can be connected with the professional version, Creative Cloud, which can allow professionals to share assets with clients who use Creative Cloud Express.
Example of an Adobe Creative Cloud Express Template:
There’s a premium version that provides access to millions more stock photos, Photoshop Express and Premiere Rush but for the average non-designer and casual user the free Creative Cloud Express should be more than adequate.
Examples of What’s Possible With Creative Cloud Express:
Generous Features
The Creative Cloud Express suite comes with a generous suite of features that allows users with no experience to apply Photoshop effects, filters, textures, easily remove backgrounds, resize elements, and add overlays with professional results.
Source: Adobe Announces Free Creative Cloud Express
Google Search launches enhanced autocomplete with second column
Google has officially launched a new enhanced autocomplete search suggestions that may include a second column of predictions, and provide easier access to content related to a search, a Google spokesperson confirmed with Search Engine Land. In addition, Google confirmed it is also testing a new edge to edge autocomplete interface and other full width elements in the desktop search interface.
Enhanced autocomplete. The new enhanced autocomplete interface may show additional search predictions including people also ask, people also search for and other content that is related to the query. Here is a screenshot of what this looks like:
Edge to edge autocomplete test. Google is also testing another variation of autocomplete that the search company is calling “edge to edge.” This is where the search box blends directly into the other elements of the search results page. Essentially, Google removes the border around the box where you enter the search query, making it go edge to edge with the rest of the search results.
Here is a screenshot I posted from @MusingPraveen on Twitter. Brodie Clark did a deeper dive on this edge to edge search interface as well.
More full width tests. As you know, Google confirmed launching a full width local and map results interface in search. Google is also testing other full width elements that the search company has not fully launched yet but continues to test. That includes a full width image pack, full width featured snippets and more.
Google overall told us that the search company is frequently testing out and launch changes to different visual elements on various features within Google Search.
Source: Google Search launches enhanced autocomplete with second column
Amazon Alexa SEO tool will disappear in 2022
Amazon’s influential suite of SEO and digital transaction tools will close in 2022. It is damaging to the search marketing community. Alexa.com declared that it would leave its marketing assistance after 25 years. Established in 1996, Amazon subsequently acquired Alexa in 1999. It was originally recognized for giving rankings depending on commerce measured through a toolbar.
However, Alexa ultimately broadened to give a full suite of trade products. The items include backlink checking and site auditing. Alexa.com offers an entire suite of search commerce tools. Nonetheless, what it’s primarily recognized for is Alexa Rank. It is a measure that gives a ratio of site popularity. In the first 2000s, they collected the data via an Alexa toolbar that users surfed and downloaded.
Source: Amazon Alexa SEO tool will disappear in 2022
More News:
Catastrophic Log4j Security Fail Threatens Enterprise Systems & Web Apps Worldwide
