
SANS ISC: InfoSec Handlers Diary Blog



Blind SQL Injection against WordPress SEO by Yoast

Published: 2015-03-13
Last Updated: 2015-03-13 00:34:18 UTC
by Guy Bruneau (Version: 1)

WordPress has released an advisory [1] for the WordPress plugin SEO by Yoast. Versions up to and including 1.7.3.3 can be exploited with a blind SQL injection. According to WordPress, this plugin has more than one million downloads. A description of the SQL injection with a proof of concept is available here [3], and the latest update is available here [2].
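
To check whether any installs are still on an affected release, the following added example (not part of the original diary or the plugin's own code) walks a web root for copies of the plugin and compares the header version against 1.7.3.3. It assumes the plugin sits in a `plugins/wordpress-seo` directory, matching the slug in [1], and that the version is declared in the standard WordPress plugin header; the function names and the sample tree are hypothetical.

```python
import re
import tempfile
from pathlib import Path

LAST_VULNERABLE = (1, 7, 3, 3)  # advisory: versions up to and including 1.7.3.3
PLUGIN_SLUG = "wordpress-seo"   # assumed directory name, from the plugin URL in [1]

# WordPress reads plugin metadata from a comment header in a top-level .php file.
NAME_RE = re.compile(r"^[ \t/*#@]*Plugin Name:", re.M | re.I)
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*([0-9][0-9.]*)", re.M | re.I)

def parse_version(text):
    """'1.7.4' -> (1, 7, 4, 0); padded so 3- and 4-part versions compare."""
    parts = [int(p) for p in text.split(".") if p]
    return tuple(parts + [0] * (4 - len(parts)))

def installed_version(plugin_dir):
    """Return the header Version string, or None if no plugin header is found."""
    for php in sorted(Path(plugin_dir).glob("*.php")):
        head = php.read_text(encoding="utf-8", errors="replace")[:8192]
        match = VERSION_RE.search(head) if NAME_RE.search(head) else None
        if match:
            return match.group(1)
    return None

def audit(web_root):
    """Return [(plugin_dir, version, status)] for each copy under web_root."""
    findings = []
    for d in sorted(Path(web_root).rglob(PLUGIN_SLUG)):
        if not (d.is_dir() and d.parent.name == "plugins"):
            continue
        version = installed_version(d)
        if version is None:
            status = "unknown"      # no readable header: inspect by hand
        elif parse_version(version) <= LAST_VULNERABLE:
            status = "vulnerable"
        else:
            status = "patched"
        findings.append((str(d), version, status))
    return findings

if __name__ == "__main__":
    # Constructed sample tree: two sites, one on 1.7.3.3 and one on 1.7.4.
    with tempfile.TemporaryDirectory() as root:
        for site, ver in (("site-a", "1.7.3.3"), ("site-b", "1.7.4")):
            d = Path(root, site, "wp-content", "plugins", PLUGIN_SLUG)
            d.mkdir(parents=True)
            (d / "main.php").write_text(f"<?php\n/*\nPlugin Name: X\nVersion: {ver}\n*/\n")
        for path, version, status in audit(root):
            print(f"{status:10} {version or '-':10} {path}")
```

Point `audit()` at the directory that holds your WordPress sites; anything reported as `vulnerable` should be updated to the release in [2].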

[1] https://wordpress.org/plugins/wordpress-seo/
[2] https://downloads.wordpress.org/plugin/wordpress-seo.1.7.4.zip
[3] https://wpvulndb.com/vulnerabilities/7841

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

Keywords: SEO WordPress Yoast