{"id":3520,"date":"2015-03-17T13:44:18","date_gmt":"2015-03-17T17:44:18","guid":{"rendered":"https:\/\/www.inmotionhosting.com\/support\/2015\/03\/17\/blind-sql-injection-exploit-in-yoast-plugin\/"},"modified":"2022-04-21T13:02:33","modified_gmt":"2022-04-21T17:02:33","slug":"blind-sql-injection-exploit-in-yoast-plugin-2015","status":"publish","type":"post","link":"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wordpress-news\/blind-sql-injection-exploit-in-yoast-plugin-2015\/","title":{"rendered":"Blind SQL Injection Exploit in &#8220;WordPress SEO Plugin by Yoast&#8221; (2015)"},"content":{"rendered":"\n<p>On <em>March 11, 2015<\/em> the <a href=\"https:\/\/yoast.com\" target=\"_blank\" rel=\"noopener\">WordPress SEO by Yoast<\/a> was discovered to have a Blind SQL Injection vulnerability. Yoast fixed the issue immediately:<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p><em>&#8220;We fixed a CSRF issue that allowed blind SQL injection. The one sentence explanation for the not so technical: by having a logged-in author, editor or admin visit a malformed URL a malicious hacker could change your database. While this does not allow mass hacking of installs using this hole, it does allow direct targeting of a user on a website. This is a serious issue, which is why we immediately set to work to fix it when we were notified of the issue.&#8221;<\/em><\/p><\/blockquote>\n\n\n\n<p>We <strong>strongly<\/strong> recommend that you <a href=\"\/support\/edu\/wordpress\/plugins\/update-wordpress-plugin\/\">update this plugin<\/a> if you have it on your WordPress site. It is possible WordPress has already updated it for you, but check to be certain. For those who added the plugin after March 11, 2015, the fix will already be implemented.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>On March 11, 2015 the WordPress SEO by Yoast was discovered to have a Blind SQL Injection vulnerability. Yoast fixed the issue immediately: &#8220;We fixed a CSRF issue that allowed blind SQL injection. The one sentence explanation for the not so technical: by having a logged-in author, editor or admin visit a malformed URL a<a class=\"moretag\" href=\"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wordpress-news\/blind-sql-injection-exploit-in-yoast-plugin-2015\/\"> Read More ><\/a><\/p>\n","protected":false},"author":8,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[4414],"tags":[],"class_list":["post-3520","post","type-post","status-publish","format-standard","hentry","category-wordpress-news"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.1.1 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Blind SQL Injection Exploit in &quot;WordPress SEO Plugin by Yoast&quot; (2015) | InMotion Hosting<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wordpress-news\/blind-sql-injection-exploit-in-yoast-plugin-2015\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Blind SQL Injection Exploit in &quot;WordPress SEO Plugin by Yoast&quot; (2015) | InMotion Hosting\" \/>\n<meta property=\"og:description\" content=\"On March 11, 2015 the WordPress SEO by Yoast was discovered to have a Blind SQL Injection vulnerability. Yoast fixed the issue immediately: &#8220;We fixed a CSRF issue that allowed blind SQL injection. The one sentence explanation for the not so technical: by having a logged-in author, editor or admin visit a malformed URL a Read More &gt;\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wordpress-news\/blind-sql-injection-exploit-in-yoast-plugin-2015\/\" \/>\n<meta property=\"og:site_name\" content=\"InMotion Hosting Support Center\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/inmotionhosting\/\" \/>\n<meta property=\"article:published_time\" content=\"2015-03-17T17:44:18+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-04-21T17:02:33+00:00\" \/>\n<meta name=\"author\" content=\"Scott Mitchell\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@InMotionHosting\" \/>\n<meta name=\"twitter:site\" content=\"@InMotionHosting\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Scott Mitchell\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wordpress-news\/blind-sql-injection-exploit-in-yoast-plugin-2015\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wordpress-news\/blind-sql-injection-exploit-in-yoast-plugin-2015\/\"},\"author\":{\"name\":\"Scott Mitchell\",\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/person\/d850efb28ef3573db7d24b0d8fa9eaed\"},\"headline\":\"Blind SQL Injection Exploit in &#8220;WordPress SEO Plugin by Yoast&#8221; (2015)\",\"datePublished\":\"2015-03-17T17:44:18+00:00\",\"dateModified\":\"2022-04-21T17:02:33+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wordpress-news\/blind-sql-injection-exploit-in-yoast-plugin-2015\/\"},\"wordCount\":160,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#organization\"},\"articleSection\":[\"WordPress News\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wordpress-news\/blind-sql-injection-exploit-in-yoast-plugin-2015\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wordpress-news\/blind-sql-injection-exploit-in-yoast-plugin-2015\/\",\"url\":\"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wordpress-news\/blind-sql-injection-exploit-in-yoast-plugin-2015\/\",\"name\":\"Blind SQL Injection Exploit in \\\"WordPress SEO Plugin by Yoast\\\" (2015) | InMotion Hosting\",\"isPartOf\":{\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#website\"},\"datePublished\":\"2015-03-17T17:44:18+00:00\",\"dateModified\":\"2022-04-21T17:02:33+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wordpress-news\/blind-sql-injection-exploit-in-yoast-plugin-2015\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wordpress-news\/blind-sql-injection-exploit-in-yoast-plugin-2015\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wordpress-news\/blind-sql-injection-exploit-in-yoast-plugin-2015\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.inmotionhosting.com\/support\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Blind SQL Injection Exploit in &#8220;WordPress SEO Plugin by Yoast&#8221; (2015)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#website\",\"url\":\"https:\/\/www.inmotionhosting.com\/support\/\",\"name\":\"InMotion Hosting Support Center\",\"description\":\"Web Hosting Support &amp; Tutorials\",\"publisher\":{\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.inmotionhosting.com\/support\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#organization\",\"name\":\"InMotion Hosting\",\"url\":\"https:\/\/www.inmotionhosting.com\/support\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2023\/02\/inmotion-hosting-logo-yoast.jpg\",\"contentUrl\":\"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2023\/02\/inmotion-hosting-logo-yoast.jpg\",\"width\":696,\"height\":696,\"caption\":\"InMotion Hosting\"},\"image\":{\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/inmotionhosting\/\",\"https:\/\/x.com\/InMotionHosting\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/person\/d850efb28ef3573db7d24b0d8fa9eaed\",\"name\":\"Scott Mitchell\",\"url\":\"https:\/\/www.inmotionhosting.com\/support\/author\/scott\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Blind SQL Injection Exploit in \"WordPress SEO Plugin by Yoast\" (2015) | InMotion Hosting","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wordpress-news\/blind-sql-injection-exploit-in-yoast-plugin-2015\/","og_locale":"en_US","og_type":"article","og_title":"Blind SQL Injection Exploit in \"WordPress SEO Plugin by Yoast\" (2015) | InMotion Hosting","og_description":"On March 11, 2015 the WordPress SEO by Yoast was discovered to have a Blind SQL Injection vulnerability. Yoast fixed the issue immediately: &#8220;We fixed a CSRF issue that allowed blind SQL injection. The one sentence explanation for the not so technical: by having a logged-in author, editor or admin visit a malformed URL a Read More >","og_url":"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wordpress-news\/blind-sql-injection-exploit-in-yoast-plugin-2015\/","og_site_name":"InMotion Hosting Support Center","article_publisher":"https:\/\/www.facebook.com\/inmotionhosting\/","article_published_time":"2015-03-17T17:44:18+00:00","article_modified_time":"2022-04-21T17:02:33+00:00","author":"Scott Mitchell","twitter_card":"summary_large_image","twitter_creator":"@InMotionHosting","twitter_site":"@InMotionHosting","twitter_misc":{"Written by":"Scott Mitchell","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wordpress-news\/blind-sql-injection-exploit-in-yoast-plugin-2015\/#article","isPartOf":{"@id":"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wordpress-news\/blind-sql-injection-exploit-in-yoast-plugin-2015\/"},"author":{"name":"Scott Mitchell","@id":"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/person\/d850efb28ef3573db7d24b0d8fa9eaed"},"headline":"Blind SQL Injection Exploit in &#8220;WordPress SEO Plugin by Yoast&#8221; (2015)","datePublished":"2015-03-17T17:44:18+00:00","dateModified":"2022-04-21T17:02:33+00:00","mainEntityOfPage":{"@id":"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wordpress-news\/blind-sql-injection-exploit-in-yoast-plugin-2015\/"},"wordCount":160,"commentCount":0,"publisher":{"@id":"https:\/\/www.inmotionhosting.com\/support\/#organization"},"articleSection":["WordPress News"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wordpress-news\/blind-sql-injection-exploit-in-yoast-plugin-2015\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wordpress-news\/blind-sql-injection-exploit-in-yoast-plugin-2015\/","url":"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wordpress-news\/blind-sql-injection-exploit-in-yoast-plugin-2015\/","name":"Blind SQL Injection Exploit in \"WordPress SEO Plugin by Yoast\" (2015) | InMotion Hosting","isPartOf":{"@id":"https:\/\/www.inmotionhosting.com\/support\/#website"},"datePublished":"2015-03-17T17:44:18+00:00","dateModified":"2022-04-21T17:02:33+00:00","breadcrumb":{"@id":"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wordpress-news\/blind-sql-injection-exploit-in-yoast-plugin-2015\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wordpress-news\/blind-sql-injection-exploit-in-yoast-plugin-2015\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wordpress-news\/blind-sql-injection-exploit-in-yoast-plugin-2015\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.inmotionhosting.com\/support\/"},{"@type":"ListItem","position":2,"name":"Blind SQL Injection Exploit in &#8220;WordPress SEO Plugin by Yoast&#8221; (2015)"}]},{"@type":"WebSite","@id":"https:\/\/www.inmotionhosting.com\/support\/#website","url":"https:\/\/www.inmotionhosting.com\/support\/","name":"InMotion Hosting Support Center","description":"Web Hosting Support &amp; Tutorials","publisher":{"@id":"https:\/\/www.inmotionhosting.com\/support\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.inmotionhosting.com\/support\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.inmotionhosting.com\/support\/#organization","name":"InMotion Hosting","url":"https:\/\/www.inmotionhosting.com\/support\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/logo\/image\/","url":"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2023\/02\/inmotion-hosting-logo-yoast.jpg","contentUrl":"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2023\/02\/inmotion-hosting-logo-yoast.jpg","width":696,"height":696,"caption":"InMotion Hosting"},"image":{"@id":"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/inmotionhosting\/","https:\/\/x.com\/InMotionHosting"]},{"@type":"Person","@id":"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/person\/d850efb28ef3573db7d24b0d8fa9eaed","name":"Scott Mitchell","url":"https:\/\/www.inmotionhosting.com\/support\/author\/scott\/"}]}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"primary_category":null,"_links":{"self":[{"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/posts\/3520","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/comments?post=3520"}],"version-history":[{"count":2,"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/posts\/3520\/revisions"}],"predecessor-version":[{"id":96136,"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/posts\/3520\/revisions\/96136"}],"wp:attachment":[{"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/media?parent=3520"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/categories?post=3520"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/tags?post=3520"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}