WordPress has released an advisory for the WordPress plugin SEO by Yoast. Version up to and including 1.7.3.3 can be exploited with a blind SQL injection. According to WordPress, this plugin has more than one million downloads. A description of the SQL injection with proof of concept is described here and the latest update is available here. [1] https://wordpress.org/plugins/wordpress-seo/ ----------- Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu |
Guy 522 Posts ISC Handler Mar 13th 2015 |
Thread locked Subscribe |
Mar 13th 2015 7 years ago |
Sign Up for Free or Log In to start participating in the conversation!