
WordPress SEO by Yoast 1.7.3.3 and Older - Blind SQL Injection VULNERABILITY

WordPress Vulnerability SQL Injection


#1 MikeDVB


Posted 11 March 2015 - 06:13 PM

WordPress SEO by Yoast is a popular WordPress plugin (wordpress-seo) used to improve the Search Engine Optimization (SEO) of WordPress sites. The latest version at the time of writing (1.7.3.3) has been found to be affected by two authenticated (admin, editor or author user) Blind SQL Injection vulnerabilities. The plugin has more than one million downloads according to WordPress.

For full details:
https://wpvulndb.com...rabilities/7841
http://thehackernews...ast-plugin.html

It looks to me like this requires an authenticated user in the WordPress installation to click a bad link. Not beyond the realm of possibility but not quite as bad as 'It can happen if the site is accessible on the internet,' which would be substantially worse.

Advice:
1. Update your WordPress Installation.
2. Update your plugins.
3. Update your themes.
4. Remove/Delete [not just disable] any plugins and themes you're not using.

For good measure:
Don't click on unusual or unknown links or links sent to you by people you do not know and trust.
 


Michael Denney - MDDHosting LLC - Providing Hosting since 2007
http://www.mddhosting.com/
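
An added example, not part of the original post: a Python audit that finds every copy of the wordpress-seo plugin on disk (active or merely disabled) and flags versions at or below 1.7.3.3, the range named above. The directory layout, sample sites and version numbers in `build_sample_tree` are constructed for illustration, and the status labels are this example's own.

```python
import re
import tempfile
from pathlib import Path

PLUGIN_SLUG = "wordpress-seo"   # plugin directory name given in the post
LAST_AFFECTED = (1, 7, 3, 3)    # "1.7.3.3 and Older" per the post
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*([0-9][0-9.]*)", re.I | re.M)

def parse_version(text):
    """'1.7.3.3' -> (1, 7, 3, 3); trailing zeros dropped so 1.7.0 == 1.7."""
    parts = [int(p) for p in text.split(".") if p]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def plugin_version(plugin_dir):
    """Read the 'Version:' plugin header from the top of the plugin's PHP files."""
    for php in sorted(Path(plugin_dir).glob("*.php")):
        head = php.read_text(errors="replace")[:8192]
        match = VERSION_RE.search(head)
        if "Plugin Name:" in head and match:
            return parse_version(match.group(1))
    return None

def audit(root):
    """Return (path, version, status) for each wordpress-seo copy under root."""
    results = []
    for d in sorted(Path(root).rglob(f"wp-content/plugins/{PLUGIN_SLUG}")):
        if not d.is_dir():
            continue
        ver = plugin_version(d)
        status = ("UNKNOWN" if ver is None
                  else "AFFECTED" if ver <= LAST_AFFECTED else "NOT_IN_RANGE")
        results.append((str(d), ver, status))
    return results

def build_sample_tree(root):
    """Constructed sample data: three fake sites with made-up plugin headers."""
    for site, ver in (("site-a", "1.7.3.3"), ("site-b", "2.0.1"), ("site-c", "1.5.2")):
        d = Path(root, site, "public_html/wp-content/plugins", PLUGIN_SLUG)
        d.mkdir(parents=True)
        (d / "wp-seo.php").write_text(
            f"<?php\n/*\nPlugin Name: WordPress SEO\nVersion: {ver}\n*/\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path, ver, status in audit(tmp):
            print(status, ".".join(map(str, ver or ())) or "?", path)
```

Point `audit()` at the directory that holds your sites' document roots; an `UNKNOWN` result means the plugin directory exists but no readable version header was found, which is worth checking by hand.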




