Many WordPress websites could be at risk of compromise if their administrators don't upgrade a popular search engine optimization (SEO) plug-in to a newly released version that fixes serious vulnerabilities. Researchers from Web security firm Sucuri found two flaws in a plug-in called "All in One SEO Pack" that potentially allow attackers with access to non-administrative WordPress accounts to elevate their privileges and inject malicious code into the administration panel.