MDDHosting Forums

WordPress SEO by Yoast 1.7.3.3 and Older - Blind SQL Injection VULNERABILITY


Michael D.

WordPress SEO by Yoast is a popular WordPress plugin (wordpress-seo) used to improve the Search Engine Optimization (SEO) of WordPress sites. The latest version at the time of writing (1.7.3.3) has been found to be affected by two authenticated (admin, editor or author user) Blind SQL Injection vulnerabilities. The plugin has more than one million downloads according to WordPress.

For full details:
https://wpvulndb.com/vulnerabilities/7841
http://thehackernews.com/2015/03/wordpress-seo-by-yoast-plugin.html

It looks to me like this requires an authenticated user in the WordPress installation to click a bad link. Not beyond the realm of possibility but not quite as bad as 'It can happen if the site is accessible on the internet,' which would be substantially worse.

Advice:
1. Update your WordPress Installation.
2. Update your plugins.
3. Update your themes.
4. Remove/Delete [not just disable] any plugins and themes you're not using.

For good measure:
Don't click on unusual or unknown links or links sent to you by people you do not know and trust.
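
The following is an added example, not part of the original post: a shell check that a hosting admin could run over a directory of sites to list every copy of the wordpress-seo plugin at or below 1.7.3.3. It assumes the standard `wp-content/plugins/wordpress-seo` layout and a `Version:` header in one of the plugin's top-level PHP files; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: flag WordPress SEO by Yoast installs at or below 1.7.3.3.
# Assumptions: standard wp-content/plugins/<slug> layout and a "Version:"
# header line in one of the plugin's top-level PHP files.

AFFECTED_MAX="1.7.3.3"   # last affected version, taken from the post title

# version_le A B: succeed when dotted version A <= B.
# Parts are compared numerically, so 1.10 sorts after 1.7.
version_le() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "[.]"); m = split(b, y, "[.]")
        if (m > n) n = m
        for (i = 1; i <= n; i++) {
            p = x[i] + 0; q = y[i] + 0   # missing parts count as 0
            if (p < q) exit 0
            if (p > q) exit 1
        }
        exit 0
    }'
}

# plugin_version DIR: print the first "Version:" header value found in DIR/*.php
# (empty output when no header is found).
plugin_version() {
    cat "$1"/*.php 2>/dev/null |
        grep -iE '^[[:space:]*]*Version:' | head -n 1 |
        sed 's/^[^:]*:[[:space:]]*//; s/[[:space:]]*$//'
}

# scan_root ROOT: print one line per install found under ROOT:
#   AFFECTED <version> <dir> | OK <version> <dir> | UNKNOWN <dir>
scan_root() {
    find "$1" -type d -path '*/wp-content/plugins/wordpress-seo' 2>/dev/null |
    while IFS= read -r dir; do
        ver=$(plugin_version "$dir")
        if [ -z "$ver" ]; then
            echo "UNKNOWN $dir"
        elif version_le "$ver" "$AFFECTED_MAX"; then
            echo "AFFECTED $ver $dir"
        else
            echo "OK $ver $dir"
        fi
    done
}

# Usage: sh check-yoast.sh /home   (the script name and path are examples)
if [ "$#" -gt 0 ]; then scan_root "$1"; fi
```

Lines marked `UNKNOWN` need a manual look, and a disabled copy of the plugin is still reported because the check reads files on disk rather than the active-plugin list.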
