If you use the WordPress SEO plugin Yoast, you should update it immediately
A vulnerability has been found in the popular WordPress SEO plugin “WordPress SEO by Yoast.” The makers of Yoast describe their product as a “leading web analytics plugin for WordPress.”
Yoast is recognized as a very popular SEO plugin for WordPress, and with more than 14 million downloads, many outdated sites are potentially at risk from the vulnerability.
Discovered by the WPScan Vulnerability Database, the flaw could give an attacker a vector for blind SQL injection against a site. From there, depending on the code injected, an attacker could carry out a wide range of activities on a targeted site.
To their credit, the team at Yoast quickly identified and implemented a fix to close the vulnerability.
How to protect your site
The vulnerability in the Yoast WordPress plugin affects versions 220.127.116.11 and lower. The Yoast team has already responded to the security issue and released a patch to address the vulnerability. If you use the Yoast SEO plugin on any of your WordPress sites, you should update to the most secure version immediately.
At the time of this writing, the most secure version is Yoast 1.7.4.
As always, if you have any questions about updating this plugin to the most secure version on your WordPress site, don’t hesitate to contact a member of our support team.