Yoast SEO WordPress Plugin is Susceptible to Hackers

by Philip Armstrong, 12th March 2015

Millions of sites built on WordPress are at risk of being hacked through a Blind SQL Injection, the result of a security hole in the widely used SEO plugin by Yoast. The plugin has been updated to address this vulnerability, so make sure you update to the latest version (1.7.4) if you use the Yoast plugin.

What Is a Blind SQL Injection?

This type of attack asks the database a series of true or false questions and determines each answer from how the application responds, since the query results themselves are never shown. Ultimately the attacker's own SQL is injected into a query that the application runs against the database, with the goal of extracting, modifying, or deleting data, and it can be used to insert unauthorised spam or affiliate links, or malware, onto the website.

The new version of the Yoast SEO plugin is supposed to have fixed the vulnerability:

Security fix: fixed possible CSRF and blind SQL injection vulnerabilities in bulk editor. Added strict sanitation to order_by and order params. Added extra nonce checks on requests sending additional parameters. Minimal capability needed to access the bulk editor is now Editor. Thanks Ryan Dewhurst from WPScan for discovering and responsibly disclosing this issue.
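The changelog above names the core of the fix as strict sanitisation of the order_by and order parameters. The following is an added example, not code from the Yoast plugin or this article, showing in Python with an in-memory SQLite table why a sort parameter is dangerous when concatenated into SQL, why a bound placeholder is not a fix for it, and how the allow-list approach the changelog describes closes the hole. The column names, table layout and sample rows are constructed for this example; the nonce and capability checks also mentioned in the changelog are WordPress-specific and are not modelled here.

```python
import sqlite3

# Allow-lists for the two sort parameters. The column names are assumed for
# this example; a real plugin would list the columns its bulk editor exposes.
ALLOWED_ORDER_BY = {"post_title", "post_date", "post_status"}
ALLOWED_ORDER = {"ASC", "DESC"}


def build_query_unsafe(order_by: str, order: str) -> str:
    """The vulnerable pattern: request parameters concatenated straight into SQL.

    ORDER BY names a column, so it cannot be a bound parameter; whatever the
    caller supplies becomes part of the statement text the database parses.
    """
    return f"SELECT id, post_title FROM posts ORDER BY {order_by} {order}"


def build_query_safe(order_by: str, order: str) -> str:
    """The hardened pattern: both parameters are checked against a strict
    allow-list before they are placed in the statement; anything else is rejected."""
    if order_by not in ALLOWED_ORDER_BY:
        raise ValueError(f"order_by not permitted: {order_by!r}")
    order = order.upper()
    if order not in ALLOWED_ORDER:
        raise ValueError(f"order not permitted: {order!r}")
    return f"SELECT id, post_title FROM posts ORDER BY {order_by} {order}"


def make_db() -> sqlite3.Connection:
    """In-memory table with constructed sample rows (insertion order is deliberate)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE posts (id INTEGER PRIMARY KEY, post_title TEXT, "
        "post_date TEXT, post_status TEXT)"
    )
    conn.executemany(
        "INSERT INTO posts (post_title, post_date, post_status) VALUES (?, ?, ?)",
        [
            ("Charlie", "2015-03-01", "publish"),
            ("Alpha", "2015-03-03", "draft"),
            ("Bravo", "2015-03-02", "publish"),
        ],
    )
    return conn


def titles(conn: sqlite3.Connection, query: str) -> list:
    """Run a query and return the post titles in the order the database gives them."""
    return [row[1] for row in conn.execute(query)]


def titles_with_bound_param(conn: sqlite3.Connection, order_by: str) -> list:
    """Why a placeholder is not the fix: the bound value is a string constant,
    so every row has the same sort key and the column name has no effect."""
    return [row[1] for row in conn.execute(
        "SELECT id, post_title FROM posts ORDER BY ?", (order_by,)
    )]


def is_rejected(order_by: str, order: str) -> bool:
    """True if the hardened builder refuses this pair of parameters."""
    try:
        build_query_safe(order_by, order)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    print(titles(db, build_query_safe("post_title", "asc")))
    # Arbitrary SQL passes straight through the unsafe builder:
    print(build_query_unsafe("post_title, LENGTH(post_status)", "ASC"))
    print(is_rejected("post_title, LENGTH(post_status)", "ASC"))
```

The design point is that prepared-statement placeholders protect values, not identifiers: `ORDER BY ?` sorts by a constant, which is why the only sound treatment of a sort column supplied by the client is to map it onto a fixed set of known-good names, exactly the "strict sanitation" the changelog describes.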

About The Author
Philip Armstrong
Philip Armstrong is a content writer for the Just SEO newsroom. Having served as an Adword's manager for a number of paid search campaigns, he is an expert in spending money to make money, and regularly contributes in-depth articles on the latest news and updates on pay-per-click (PPC) matters.
