All In One SEO Pack version 3.2.6 and below is vulnerable to a Stored Cross-Site Scripting attack. An attacker will need to use an authenticated user to exploit the vulnerability. If the attacker gains access to an admin user, they could execute PHP code and compromise the server.
What You Should Do
You should update the plugin to version 3.2.7 as the vulnerability has been patched in 3.2.7