The popular WordPress SEO Plugin by Yoast is affected by a security vulnerability. This vulnerability allows blind SQL injection in versions older than 1.7.4. This means that attackers might take control of your website.
Please check if the plugin has already been automatically updated:
- Version 1.7.x : from version 1.7.4 (secure)
- Version 1.6.x : from version 1.6.4 (secure)
- Version 1.5.x : from version 1.5.7 (secure)
- Versions older than 1.5: Please update to the current version (1.7.4)
If your versions has not been automatically updated, we strongly recommend to update to the current WordPress SEO by Yoast version. Download WordPress SEO by Yoast
To exploit the security vulnerability, the attacker needs access to the WordPress admin area (editor, author or admin rights). This makes it a bit harder for attackers to exploit this security vulnerability.
We at 1&1 Web Hosting have reacted to this security vulnerability via mod_security rules on the server side. This provides a basic level of protection. However, variants of this security vulnerability cannot be blocked. We therefore strongly recommend to update to the current version 1.7.4 in any case.