
Yoast SEO Plugin Vulnerable to Blind SQL Injection: Update Immediately

WordPress SEO by Yoast is one of the most popular SEO plugins on the market, with over 1 million active installs. Unfortunately, yesterday the WPScan Vulnerability Database identified a security issue in it and issued the following statement:

The latest version at the time of writing (1.7.3.3) has been found to be affected by two authenticated (admin, editor or author user) Blind SQL Injection vulnerabilities.

The authenticated Blind SQL Injection vulnerability can be found within the ‘admin/class-bulk-editor-list-table.php’ file. The orderby and order GET parameters are not sufficiently sanitized before being used within a SQL query.

Yoast was quick to respond with a patch and released version 1.7.4 with the following security fix:

Fixed possible CSRF and blind SQL injection vulnerabilities in bulk editor. Added strict sanitation to order_by and order params. Added extra nonce checks on requests sending additional parameters. Minimal capability needed to access the bulk editor is now Editor. Thanks Ryan Dewhurst from WPScan for discovering and responsibly disclosing this issue.
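To make the fix concrete, here is an added, illustrative PHP example (written for this post, not code from the Yoast plugin) showing the vulnerable pattern WPScan describes and the allowlist-based sanitation the changelog refers to. Column names and the nonce action name are made up; the WordPress functions current_user_can(), check_admin_referer() and wp_die() are real, and the capability edit_others_posts is assumed here as the one that separates the Editor role from Author.

```php
<?php
// Illustrative example (not Yoast's code): an "orderby"/"order" request pair
// used in an ORDER BY clause, first unvalidated, then allowlisted.

// --- Vulnerable pattern: request values interpolated straight into SQL ---
// Note that $wpdb->prepare() cannot parameterise identifiers or keywords,
// so a prepared statement would not help here; strict validation is the fix.
function vulnerable_order_clause(array $request): string
{
    $orderby = $request['orderby'] ?? 'post_title';
    $order   = $request['order']   ?? 'ASC';
    return "ORDER BY {$orderby} {$order}"; // caller-controlled SQL fragment
}

// --- Hardened pattern: both parameters checked against a fixed allowlist ---
const ALLOWED_ORDERBY = ['post_title', 'post_date', 'post_type']; // constructed list

function safe_order_clause(array $request): string
{
    $orderby = $request['orderby'] ?? 'post_title';
    if (!in_array($orderby, ALLOWED_ORDERBY, true)) {
        $orderby = 'post_title';          // unknown column -> safe default
    }

    $order = strtoupper((string) ($request['order'] ?? 'ASC'));
    if ($order !== 'ASC' && $order !== 'DESC') {
        $order = 'ASC';                   // anything but ASC/DESC -> safe default
    }

    return "ORDER BY {$orderby} {$order}";
}

// --- Request gate matching the changelog: capability check plus nonce ---
// Only meaningful inside WordPress; guarded so the file also runs on its own.
function bulk_editor_guard(): void
{
    if (!function_exists('current_user_can')) {
        return; // not running inside WordPress (e.g. plain CLI demo)
    }
    if (!current_user_can('edit_others_posts')) { // assumed Editor-level capability
        wp_die('Insufficient permissions');
    }
    // 'bulk-editor-table' is a made-up nonce action name for this example.
    check_admin_referer('bulk-editor-table', 'nonce');
}

// Constructed sample input: an unexpected column name and a lowercase order.
$sample = ['orderby' => 'not_a_real_column', 'order' => 'desc'];

bulk_editor_guard();
echo vulnerable_order_clause($sample), PHP_EOL; // ORDER BY not_a_real_column desc
echo safe_order_clause($sample), PHP_EOL;       // ORDER BY post_title DESC
```

The point of the allowlist is that an ORDER BY target is an identifier, not a value, so escaping functions do not apply; the only robust defence is to accept a fixed set of known column names and exactly the two sort directions, and fall back to a default for anything else.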

SQL injections are a serious cause for concern for WordPress sites and can effectively allow an attacker to take control of your site, so we strongly recommend that anyone using this plugin update it.

All clients using this plugin have already been updated.

James Smythe
