Blind SQL Injection Exploit in “WordPress SEO Plugin by Yoast” (2015)

Updated on April 21, 2022 by Scott Mitchell

On March 11, 2015, the WordPress SEO by Yoast plugin was discovered to have a Blind SQL Injection vulnerability. Yoast fixed the issue immediately:

“We fixed a CSRF issue that allowed blind SQL injection. The one sentence explanation for the not so technical: by having a logged-in author, editor or admin visit a malformed URL a malicious hacker could change your database. While this does not allow mass hacking of installs using this hole, it does allow direct targeting of a user on a website. This is a serious issue, which is why we immediately set to work to fix it when we were notified of the issue.”

We strongly recommend that you update this plugin if you have it on your WordPress site. It is possible that WordPress has already updated it for you, but check to be certain. For those who added the plugin after March 11, 2015, the fix will already be implemented.