Single Blog

Popular WordPress Plugin ‘SEO by Yoast’ Vulnerable To Hackers

March 13, 2015, Written by 0 comment

Yoast, a popular SEO plugin for wordpress version 1.7.3.3 and below have been found to be affected by two authenticated (admin, editor or author user) Blind SQL Injection vulnerabilities.The authenticated Blind SQL Injection vulnerability can be found within the ‘admin/class-bulk-editor-list-table.php’ file. The orderby and order GET parameters are not sufficiently sanitized before being used within a SQL query.
Customers are advised to take immediate action and upgrade their Yoast to the lastest 1.7.4 and 1.5.3 for Premium version.

martin