The Robots.txt Optimization Plugin for WordPress is not secure in versions up to and including 1.4.5. This means that someone who is not authorized can make changes to the plugin’s settings if they can convince a website administrator to do something like clicking a link. We don’t know how serious this problem is.