WordPress SEO by Yoast is the most popular free SEO plugin for WordPress. It has been downloaded 16,564,599 times so far, and you are probably using it on your blog. If you are, you should update the plugin immediately.
A freelance security consultant named Ryan Dewhurst discovered a security flaw in the plugin that could put your WordPress site in danger of being hacked.
Here is the technical description of the vulnerability:
“The authenticated Blind SQL Injection vulnerability can be found within the ‘admin/class-bulk-editor-list-table.php’ file. The orderby and order GET parameters are not sufficiently sanitised before being used within a SQL query.”
Although the flaw can only be reached by an authenticated user, attackers can exploit it through social engineering: they can tempt any admin, editor or author to click on a link, and this could compromise your site.
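The quoted description points at request values reaching an ORDER BY clause. As an added example (not code from the plugin or from Yoast), this is one way a developer can handle `orderby` and `order` safely in PHP by accepting only allowlisted values; the column names and the `build_order_clause` function are assumptions for illustration.

```php
<?php
// Added illustration; not the plugin's code. Column names are assumptions.

/**
 * Build an ORDER BY clause from request parameters using allowlists.
 * Identifiers and keywords cannot be bound as prepared-statement
 * parameters, and string escaping does not help because the value is
 * never placed inside quotes, so only known-good values are accepted.
 */
function build_order_clause(array $query): string
{
    // Map of accepted request values to the exact SQL identifiers emitted.
    $allowed_columns = [
        'post_title'  => 'post_title',
        'post_type'   => 'post_type',
        'post_status' => 'post_status',
        'post_date'   => 'post_date',
    ];
    $allowed_directions = ['ASC', 'DESC'];

    // Non-string input (for example orderby[]=x) is treated as missing.
    $orderby = isset($query['orderby']) && is_string($query['orderby'])
        ? strtolower($query['orderby'])
        : '';
    $order = isset($query['order']) && is_string($query['order'])
        ? strtoupper($query['order'])
        : '';

    // Anything outside the allowlists falls back to a fixed default.
    $column    = $allowed_columns[$orderby] ?? 'post_title';
    $direction = in_array($order, $allowed_directions, true) ? $order : 'ASC';

    return "ORDER BY {$column} {$direction}";
}

// Constructed sample inputs standing in for $_GET.
$samples = [
    ['orderby' => 'post_date', 'order' => 'desc'],            // accepted
    ['orderby' => 'post_title, (unexpected sql)', 'order' => 'asc'], // rejected
    ['orderby' => ['array', 'input'], 'order' => 'sideways'], // rejected
    [],                                                       // defaults
];
foreach ($samples as $sample) {
    echo build_order_clause($sample), PHP_EOL;
}
```

Only the first sample changes the output; every other input produces the default `ORDER BY post_title ASC`, because the request value itself is never copied into the SQL string.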
Note: Without reading any further, update the SEO by Yoast plugin on your blog.
Yoast acknowledged this vulnerability and released an updated version of the plugin. Since this plugin is used by millions of WordPress blogs worldwide, the WordPress team pushed a forced automatic update for it. If you have not disabled auto-updates, you might not see an update notice for this plugin. Here is the note from the Yoast site:
Because of the severity of the issue, the WordPress.org team put out a forced automatic update (thanks!). If you didn’t specifically disable those and you were:
- running on 1.7 or higher, you’ll have been auto-updated to 1.7.4.
- If you were running on 1.6.*, you’ll have been updated to 1.6.4.
- If you were running on 1.5.*, you’ll have been updated to 1.5.7.
Anyhow, if your blog is running the WordPress SEO by Yoast plugin, you should update it right away. If you are using SEO by Yoast Premium, you need to go to Plugins > Installed Plugins and manually update the plugin from there.
This is a quick note to inform you about this vulnerability, as it may put your WordPress blog in danger. Do share this information with your blogger friends, as it’s important!