Blind SQL injection vulnerability found in WordPress SEO plugin by Yoast

Yoast-Wordpress-SEO-Plugin

 

Over a million websites that use WordPress SEO by Yoast are at risk due to a blind SQL injection vulnerability found.  WPScan Vulnerability Database released an advisory after it had disclosed the vulnerability to the plugin’s author.

“The latest version at the time of writing (1.7.3.3) has been found to be affected by two authenticated (admin, editor or author user) Blind SQL Injection vulnerabilities.

The authenticated Blind SQL Injection vulnerability can be found within the ‘admin/class-bulk-editor-list-table.php’ file. The orderby and order GET parameters are not sufficiently sanitized before being used within a SQL query.”

Yoast quickly responded with a patch and released the version 1.7.4:

“Fixed possible CSRF and blind SQL injection vulnerabilities in bulk editor. Added strict sanitation to order_by and order params. Added extra nonce checks on requests sending additional parameters. Minimal capability needed to access the bulk editor is now Editor. Thanks Ryan Dewhurst from WPScan for discovering and responsibly disclosing this issue.”

Immediate Update Recommended

GreenGeeks real-time security scanning is already protecting our customers from this vulnerability. While GreenGeeks has real-time monitoring in place to catch such vulnerabilities and pro-actively protect our customers from exploit, we strongly urge all of our customers to update their WordPress SEO plugin by Yoast immediately to avoid any potential issues in the future. Best practice is to ensure that all of your plugins and WordPress core files are up-to-date at all times.

 

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.