Security Vulnerability in WordPress SEO by Yoast: Please Update to Version 1.7.4

YOAST_logo_RGBThe popular WordPress SEO Plugin by Yoast is affected by a security vulnerability. This vulnerability allows blind SQL injection in versions older than 1.7.4. This means that attackers might take control of your website.

Please check if the plugin has already been automatically updated:

  • Version 1.7.x : from version 1.7.4 (secure)
  • Version 1.6.x : from version 1.6.4 (secure)
  • Version 1.5.x : from version 1.5.7 (secure)
  • Versions older than 1.5: Please update to the current version (1.7.4)

If your versions has not been automatically updated, we strongly recommend to update to the current WordPress SEO by Yoast version. Download WordPress SEO by Yoast

Background Information

To exploit the security vulnerability, the attacker needs access to the WordPress admin area (editor, author or admin rights). This makes it a bit harder for attackers to exploit this security vulnerability.

We at 1&1 Web Hosting have reacted to this security vulnerability via mod_security rules on the server side. This provides a basic level of protection. However, variants of this security vulnerability cannot be blocked. We therefore strongly recommend to update to the current version 1.7.4 in any case.

 

Please rate this post :

Leave a Reply

Your email address will not be published. Required fields are marked *