Recent Update for WordPress SEO by Yoast Fixes Vulnerability

For anyone running a website, search engine optimization (SEO) is a constant priority. For this reason, many WordPress site owners rely on WordPress SEO by Yoast to help with basic SEO concerns. It currently boasts over a million users, and for good reason: it’s incredibly simple to set up and good at what it does.

Ryan Dewhurst, the developer of WPScan, was the first to identify a new security vulnerability in the popular plugin. The vulnerability has the potential to allow full access to any website running a version of WordPress SEO by Yoast older than the current one (1.7.4).

In a discussion with Graham Cluley, Dewhurst was quoted as saying:

A remote unauthenticated attacker could use this vulnerability to execute arbitrary SQL queries on the victim WordPress website by enticing an authenticated admin, editor or author user to click on a specially crafted link or visit a page they control.

One possible attack scenario would be an attacker adding their own administrative user to the target WordPress site, allowing them to compromise the entire website.

Additional Details

The good news?

One of the things that makes Yoast’s plugins so great is a team that always seems to be working. Within 90 minutes of receiving Dewhurst’s responsible disclosure of the vulnerability, Yoast released an updated version of the plugin that fixes the security issue.

Making sure this doesn’t happen to your site is simple: log in to your WordPress installs and update your copy of the plugin!

    © 2014 AJ Creative. All rights reserved.