A critical vulnerability has been found in a plugin (WordPress SEO by Yoast) that almost every one of us uses. To put it plainly, as many as 10 million websites are at risk of getting hacked.

This vulnerability was found by Mr. Ryan Dewhurst, who is a developer of a WordPress vulnerability scanner named WPScan.

Yoast WordPress SEO Plugin can make your website vulnerable

According to him, all versions of this plugin before 1.7.3.3 are “vulnerable to Blind SQL Injection”.

With the help of this vulnerability, your confidential data can be leaked at any time. However, it cannot be triggered on its own, because it lies in the “admin/class-bulk-editor-list-table.php” file, which can only be used by WordPress authors, editors and admins.


You might be wondering how to stay safe from this vulnerability, because you don’t want to lose your website. Well, you just need to keep the plugin updated at all times. Also note that, per the plugin developers, they have “fixed possible CSRF and blind SQL injection vulnerabilities in bulk editor.”

MUST DO!

To automate your WordPress plugin updates, follow these steps:

Manage->Plugins & Themes->Auto Updates tab.
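
To confirm that an install is no longer on a release older than 1.7.3.3, the check below reads the plugin's version header and compares it with the fixed version. It is an added example, not code from the plugin or from WPScan, and the path `wp-content/plugins/wordpress-seo/wp-seo.php` is an assumption about a default install.

```shell
#!/bin/sh
# Added example: flag WordPress SEO by Yoast installs older than 1.7.3.3.
# Usage: sh check-yoast.sh /path/to/wordpress   (script name is hypothetical)
FIXED_VERSION="1.7.3.3"   # first non-vulnerable version according to the article

# Print the "Version:" value from a plugin's main PHP file header.
plugin_version() {
    sed -n 's/^[[:space:]*]*Version:[[:space:]]*\([0-9][0-9.]*\).*/\1/p' "$1" | head -n 1
}

# Return 0 (true) when dotted version $1 is lower than $2.
# Components are compared numerically, so 1.10 is newer than 1.7.3.3.
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "$a" = "$x" ]; then a=; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=; else b=${b#*.}; fi
        x=${x:-0}; y=${y:-0}        # missing components count as 0
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1                        # versions are equal
}

# Print a status line for one plugin file.
# Returns 0 if patched, 1 if vulnerable, 2 if no version header was found.
check_yoast() {
    v=$(plugin_version "$1")
    if [ -z "$v" ]; then
        echo "UNKNOWN $1"
        return 2
    fi
    if version_lt "$v" "$FIXED_VERSION"; then
        echo "VULNERABLE $v $1"
        return 1
    fi
    echo "OK $v $1"
}

# Assumed default plugin location under the WordPress root given as $1.
if [ -n "${1:-}" ]; then
    check_yoast "$1/wp-content/plugins/wordpress-seo/wp-seo.php"
fi
```

A `VULNERABLE` line means the plugin still needs the update described above; `UNKNOWN` means the file was missing or had no version header and should be checked by hand.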
