24 C
Saturday, February 27, 2021
Tel: 8850717892

WordPress – Yoast SEO Plugin Vulnerability

Home Security Awareness WordPress - Yoast SEO Plugin Vulnerability
- Advertisement -

Must Read

Spatial Organization in Architecture

The spatial organization primarily indicates the pattern of arrangement of various biotic and abiotic elements arranged in a non-randomly...

Fluidity in Architecture

Fluidity in Architecture proves to be one of the most ultra-modern approaches towards design, engineering, and construction. It is...

“ILOVEYOU” Virus that Infected 50 Million Windows Computers In 10 Days

The very first computer virus was discovered in 1986, it was named as “brain”. Sounds weird right!. Since...
BlARROW is a unilingual, electronic, free-content site which composes write-ups on issues concerning online security. It is run helpfully by content scholars who write on a broad scope of subjects. Anyone with access to the internet connection and an ache to gain some new useful knowledge can get to these articles. Aside from this, they additionally give Udemy coupons, Appstore Games, and applications, all for free. So, in case one is curious to learn something new, gain widespread knowledge without drawing a hole in the pocket.

Although WordPress started out as a simple blogging system, today it has developed into a complete content management system (CMS) that can be used not only for blogging but for practically anything, with millions of people using it as a personal or business website. This is mostly due to the hundreds of plugins and widgets that are available for use. The freedom that WordPress has as a self-hosted platform implies that you can use it to create any website, simple or complex, different blogs, and so much more, while being incredibly easy to use.

In order to achieve all this, WordPress uses many different plugins, especially when it comes to SEO. Search engine optimization (SEO) is one of the most important tools used to increase traffic on a website.

One of the best known plugins for SEO is the Yoast plugin. This plugin has over 14 million downloads as their website claims. It is a widely spread belief that your WordPress website will never have enough search engine optimization (SEO) if you don’t have the WordPress SEO by Yoast plugin installed.

However, a huge flaw has been discovered in this plugin that might put your website in danger and cause leakage of confidential data.

How secure is SEO by Yoast?

Last week, an important Yoast vulnerability has been discovered which could have put millions of websites at critical risk to be attacked by hackers. This Yoast vulnerability was discovered by a developer of the WordPress vulnerability scanner Ryan Dewhurst, and it applies to almost every version of the plugins that go by the name “WordPress SEO by Yoast”.

This vulnerability is called a Blind SQL injection, or SQLi, which could cause leakage of confidential information, deleting information, or modifying important data.

According to The Hacker News – “Basically in SQLi attack, an attacker inserts a malformed SQL query into an application via client-side input.”

Explaining how a SQLi attack works!

An important thing to know is that not every user of the SEO by Yoast plugin can become a victim of hackers. Evidently, in order to abuse this Yoast vulnerability, the hacker will need the help of social engineering in order to trick authorized users which have access to the ‘admin/class-bulk-editor-list-table.php’ file (this is where the vulnerability is found) to click on a link. Authorised users which can access this file are the Admin, Editor, or Author privileged users. This means that the only way a hacker can use this flaw is if the authorized user is tricked into clicking a link (URL) which will then allow the hacker to create their own new admin account and mess up or abuse the WordPress site.

If the authorised user doesn’t click on any dangerous urls, there’s no risk of exploiting this recently discovered Yoast vulnerability.

This Yoast vulnerability has been found in most versions ending with the version where two Blind SQL injection vulnerabilities were found.

What’s the best way to protect your WordPress website?

When something like this comes up that puts at risk millions of websites out there, a quick solution is often necessary. Immediately after this information was spread all over the internet, many quick fix-ups were offered to users.

Luckily, the team of developers of the Yoast plugin managed to rapidly issue a new, fixed and improved version of the WordPress SEO by Yoast plugin. The latest version of WordPress SEO by Yoast 1.7.4 is now available for downloading and the developers promise that this version has “fixed possible CSRF and blind SQL injection vulnerabilities in bulk editor.

The team of Yoast and Joost de Valk (the owner and creator of yoast.com) have issued a WordPress SEO Security release where it states that all the flaws have been fixed. Furthermore, there will be a forced automatic update due to the seriousness of this issue. This update will be available for both free and premium users.

However, if you are a WordPress administrator and you have the auto-update feature disabled, it is recommended that you immediately upgrade your WordPress SEO by Yoast plugin manually!!!

Source by Dobrica Nastova

- Advertisement -


Please enter your comment!
Please enter your name here

Latest News

More Articles Like This

- Advertisement -