WordPress SEO by Yoast 1.7.3.3 and Older - Blind SQL Injection VULNERABILITY

WordPress Vulnerability SQL Injection


#1 MikeDVB

Forum Administrator

Posted 11 March 2015 - 06:13 PM

WordPress SEO by Yoast is a popular WordPress plugin (wordpress-seo) used to improve the Search Engine Optimization (SEO) of WordPress sites. The latest version at the time of writing (1.7.3.3) has been found to be affected by two authenticated (admin, editor or author user) Blind SQL Injection vulnerabilities. The plugin has more than one million downloads according to WordPress.

For full details:
https://wpvulndb.com...rabilities/7841
http://thehackernews...ast-plugin.html

It looks to me like this requires an authenticated user in the WordPress installation to click a bad link. Not beyond the realm of possibility but not quite as bad as 'It can happen if the site is accessible on the internet,' which would be substantially worse.

Advice:
1. Update your WordPress Installation.
2. Update your plugins.
3. Update your themes.
4. Remove/Delete [not just disable] any plugins and themes you're not using.

For good measure:
Don't click on unusual or unknown links or links sent to you by people you do not know and trust.
 


Michael Denney - MDDHosting, LLC - Professional Hosting Solutions
LiteSpeed Powered - Shared, Reseller, Premium, and VPS
Incremental R1Soft CDP Backups on all shared, semi-dedicated, and VPS services!
http://www.mddhosting.com/ - Follow us on Twitter!
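For admins checking many sites against the advisory above, here is an added example (not part of the original post or of the plugin's code) that finds every `wordpress-seo` copy under a directory and flags versions at or below 1.7.3.3. It assumes the standard `wp-content/plugins/` layout and the usual WordPress `Version:` plugin header; the sample tree built in `demo()` is constructed.

```python
import re
import tempfile
from pathlib import Path

LAST_AFFECTED = (1, 7, 3, 3)   # from the advisory title: "1.7.3.3 and Older"
PLUGIN_SLUG = "wordpress-seo"  # plugin directory name given in the post
HEADER_RE = re.compile(r"^[ \t/*#@]*Version:\s*([0-9][0-9.]*)", re.I | re.M)

def parse_version(text):
    """Turn '1.7.3.3' into (1, 7, 3, 3); None if any part is not numeric."""
    parts = text.strip(".").split(".")
    return tuple(int(p) for p in parts) if all(p.isdigit() for p in parts) else None

def is_affected(version):
    """True when version <= 1.7.3.3, padding so 1.7 compares as 1.7.0.0."""
    width = max(len(version), len(LAST_AFFECTED))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(version) <= pad(LAST_AFFECTED)

def installed_version(plugin_dir):
    """Read the Version header from the plugin's top-level PHP files."""
    for php in sorted(Path(plugin_dir).glob("*.php")):
        head = php.read_text(errors="replace")[:8192]  # headers sit at the file start
        match = HEADER_RE.search(head) if "Plugin Name:" in head else None
        if match:
            return parse_version(match.group(1))
    return None

def scan(root):
    """Return {plugin_path: (version, affected)} for every copy under root."""
    results = {}
    for plugin_dir in Path(root).rglob(PLUGIN_SLUG):
        if plugin_dir.is_dir() and plugin_dir.parent.name == "plugins":
            version = installed_version(plugin_dir)
            if version is not None:
                results[str(plugin_dir)] = (version, is_affected(version))
    return results

def demo():
    """Constructed sample tree: one affected copy and one newer (made-up) version."""
    with tempfile.TemporaryDirectory() as root:
        for site, ver in (("site-a", "1.7.3.3"), ("site-b", "9.9")):
            d = Path(root, site, "wp-content", "plugins", PLUGIN_SLUG)
            d.mkdir(parents=True)
            (d / "wp-seo.php").write_text(
                f"<?php\n/*\nPlugin Name: WordPress SEO\nVersion: {ver}\n*/\n")
        return sorted((Path(p).parts[-4], v, bad) for p, (v, bad) in scan(root).items())

if __name__ == "__main__":
    for row in demo():
        print(row)
```

Point `scan()` at the directory that holds your sites; disabled copies are reported too, since they are still on disk.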





