A critical security flaw, CVE-2024-3368, has been found in the widely-used All-in-One SEO plugin for WordPress. Discovered during routine security checks, this vulnerability allows unauthorized injection of JavaScript code, posing a serious risk to millions of websites. Urgent action is advised, including updating the plugin and implementing additional security measures. CleanTalk, a leading provider of WordPress security solutions, remains committed to promptly addressing emerging threats.