WordPress SEO by Yoast is one of the most popular SEO plugins on the market with over 1 million active installs. Unfortunately yesterday WPScanVulnerability identified a security issue with it and issued the following statement
The latest version at the time of writing (184.108.40.206) has been found to be affected by two authenticated (admin, editor or author user) Blind SQL Injection vulnerabilities.
The authenticated Blind SQL Injection vulnerability can be found within the ‘admin/class-bulk-editor-list-table.php’ file. The orderby and order GET parameters are not sufficiently sanitized before being used within a SQL query.
Yoast was quick to respond with a patch and released version 1.7.4 with the following security fix:
Fixed possible CSRF and blind SQL injection vulnerabilities in bulk editor. Added strict sanitation to order_by and order params. Added extra nonce checks on requests sending additional parameters. Minimal capability needed to access the bulk editor is now Editor. Thanks Ryan Dewhurst from WPScan for discovering and responsibly disclosing this issue.
SQL injections are a serious cause for concern with WordPress sites and can effectively allow a hacker to take control of your site. So we highly recommend anyone using this plugin to update it.
All clients using this plugin have already been updated