Threat Level: green Handler on Duty: Russ McRee

SANS ISC: Blind SQL Injection against WordPress SEO by Yoast SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Blind SQL Injection against WordPress SEO by Yoast

WordPress has released an advisory for the WordPress plugin SEO by Yoast. Version up to and including 1.7.3.3 can be exploited with a blind SQL injection. According to WordPress, this plugin has more than one million downloads. A description of the SQL injection with proof of concept is described here and the latest update is available here.

[1] https://wordpress.org/plugins/wordpress-seo/
[2] https://downloads.wordpress.org/plugin/wordpress-seo.1.7.4.zip
[3] https://wpvulndb.com/vulnerabilities/7841

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

Guy

472 Posts
ISC Handler
Mar 13th 2015

Sign Up for Free or Log In to start participating in the conversation!