Yoast WordPress SEO plugin bug could enable SQL-injection attacks on more than 14 million sites

A vulnerability has been found in the popular WordPress SEO plugin “WordPress SEO by Yoast.” The makers of Yoast describe their product as a “leading web analytics plugin for WordPress.”

 

Yoast is recognized as a very popular SEO plugin for WordPress, and with more than 14 million downloads, many outdated sites are potentially at risk from the vulnerability.

 

Discovered by WPScan Vulnerability Database, the flaw could allow malicious attackers a vector to force a blind SQL injection into a site. From there, and depending on the code injected, an attacker could dive into a whole host of activities on a targeted site.

 

To their credit, the team at Yoast quickly identified and implemented a fix to close the vulnerability.

 

The vulnerability in the Yoast WordPress plugin affects versions 1.7.3.3 and lower. The Yoast team has already responded to the security issue and released a patch to address the vulnerability. If you use the Yoast SEO plugin on any of your WordPress sites you should update to the most secure version immediately.

 

At the time of this writing, the most secure version is Yoast 1.7.4.

 

As always, if you have any questions about updating this plugin to the most secure version on your WordPress site, don’t hesitate to contact a member of our support team.

 

 

------

WPScan vulnerability database. (Yoast Scan)

Yoast SEO plugin for WordPress. (WordPress Plugin Directory)

Yoast WordPress SEO plugin vulnerable to hackers. (SearchEngineLand)