A blind SQL injection vulnerability was discovered today in the popular WordPress SEO plugin by Yoast. WPScanVulnerability Database issued an advisory after responsibly disclosing the vulnerability to the plugin’s author: The latest version at the time of writing (1.7.3.3) has been found to be affected by two authenticated (admin, editor or author user) Blind SQL Injection vulnerabilities. The authenticated Blind SQL Injection vulnerability can be found within the ‘admin/class-bulk-editor-list-table.php’ file. The orderby and order GET parameters are not sufficiently sanitized before being used within a SQL query. Yoast was quick to respond with a patch and released version 1.7.4 with the following security fix: Fixed possible CSRF and blind SQL injection vulnerabilities in bulk editor. Added strict sanitation to order_by and order params. Added extra nonce checks on requests sending additional parameters. Minimal capability needed to access the bulk editor is now Editor. Thanks Ryan Dewhurst from WPScan for discovering and responsibly disclosing this issue. Immediate Update Advised Users running the most recent version are advised to update immediately. If you’re using Jetpack on all
Share This