A blind SQL injection vulnerability has been discovered in the popular WordPress SEO plugin by Yoast. An advisory was issued by the WPScanVulnerability Database after responsibly disclosing the vulnerability to the plugin author:
The latest version at the time of writing (126.96.36.199) has been found to be affected by two authenticated (admin, editor or author user) Blind SQL Injection vulnerabilities.
The authenticated Blind SQL Injection vulnerability can be found within the ‘admin/class-bulk-editor-list-table.php’ file. The orderby and order GET parameters are not sufficiently sanitized before being used within a SQL query.
The latest version of WordPress SEO by Yoast (1.7.4) contains a patch for this vulnerability. The changelog reads: “fixed possible CSRF and blind SQL injection vulnerabilities in bulk editor.”
We have scanned all websites with an active VaultPress plan and updated the WordPress SEO plugin to version 1.7.4 where necessary. If there are cases where we’re not able to update the affected plugin ourselves, we will e-mail the website owners to make sure they are aware of this.
If you use the WordPress SEO by Yoast plugin, we strongly recommend that you make sure you are on the latest version. You can update this plugin by visiting Dashboard → Updates in your WordPress dashboard, selecting WordPress SEO by Yoast, and clicking the Update Plugins button.
As always, drop us a line if you have any questions or need any help!