Michael D. Posted March 11, 2015 Report Share Posted March 11, 2015 WordPress SEO by Yoast is a popular WordPress plugin (wordpress-seo) used to improve the Search Engine Optimization (SEO) of WordPress sites. The latest version at the time of writing (1.7.3.3) has been found to be affected by two authenticated (admin, editor or author user) Blind SQL Injection vulnerabilities. The plugin has more than one million downloads according to WordPress.For full details:https://wpvulndb.com/vulnerabilities/7841http://thehackernews.com/2015/03/wordpress-seo-by-yoast-plugin.htmlIt looks to me like this requires an authenticated user in the WordPress installation to click a bad link. Not beyond the realm of possibility but not quite as bad as 'It can happen if the site is accessible on the internet,' which would be substantially worse.Advice:1. Update your WordPress Installation.2. Update your plugins.3. Update your themes.4. Remove/Delete [not just disable] any plugins and themes you're not using.For good measure:Don't click on unusual or unknown links or links sent to you by people you do not know and trust. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.