WordPress SEO By Yoast Vulnerability

Millions of WordPress websites using WordPress SEO by Yoast may be at risk of being hacked through a critical vulnerability known as Blind SQL Injection.

This SQL injection arises from the way the web application handles data supplied by users. Because the application fails to check input values, outside attackers can trigger the vulnerability and execute arbitrary SQL queries on victim WordPress websites.

A proof of concept is provided by Ryan Dewhurst, who discovered this Blind SQL Injection, in his advisory:

http://victim-wordpress-website.com/wp-admin/admin.php?page=wpseo_bulk-editor&type=title&orderby=post_date%2c(select%20*%20from%20(select(sleep(10)))a)&order=asc

If an authenticated admin, editor or author user clicks on this link, the SQL query executes and sleeps for 10 seconds. To make such a user a victim, attackers trick them into clicking a specially crafted link or visiting a page that the attackers control.

In this way, cybercriminals and hackers can interfere with the victim's database and change or even delete all important data. They are also able to send unsafe links or applications to the attacked WordPress websites. How terrible it is when a hacker compromises your entire site!

If you are running this plugin on your WordPress site at version 1.7.3 or lower, upgrade as soon as possible to the latest version of WordPress SEO by Yoast, version 1.7.4, to fix this serious security problem.
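To check whether requests shaped like the proof of concept above reached your site, the following added example (not code from the advisory or from the plugin) scans web server access log lines for bulk-editor requests whose `orderby` or `order` value is anything other than a bare column name or direction. The combined log format, the function names and the sample log lines are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# A sort column or direction should be a bare identifier; commas, spaces and
# parentheses have no place in a value that ends up in an ORDER BY clause.
SAFE_VALUE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")
# Request part of a combined-format access log line (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def suspicious_params(url):
    """Return orderby/order values of a bulk-editor URL that are not bare identifiers."""
    parts = urlsplit(url)
    query = parse_qs(parts.query, keep_blank_values=True)  # also URL-decodes values
    if not parts.path.endswith("/wp-admin/admin.php"):
        return {}
    if "wpseo_bulk-editor" not in query.get("page", []):
        return {}
    bad = {}
    for name in ("orderby", "order"):
        for value in query.get(name, []):
            if not SAFE_VALUE.fullmatch(value):
                bad[name] = value
    return bad

def scan_access_log(lines):
    """Yield (line_number, findings) for every log line with a suspicious request."""
    for number, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        if match:
            findings = suspicious_params(match.group(1))
            if findings:
                yield number, findings

# Constructed sample log lines; IP addresses and timestamps are placeholders.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2000:10:01:02 +0000] "GET /wp-admin/admin.php?page=wpseo_bulk-editor&type=title&orderby=post_date&order=asc HTTP/1.1" 200 5120',
    '203.0.113.7 - - [01/Jan/2000:10:02:40 +0000] "GET /wp-admin/admin.php?page=wpseo_bulk-editor&type=title&orderby=post_date%2c(select%20*%20from%20(select(sleep(10)))a)&order=asc HTTP/1.1" 200 5120',
    '198.51.100.9 - - [01/Jan/2000:10:03:11 +0000] "GET /wp-admin/admin.php?page=wpseo_dashboard HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for number, findings in scan_access_log(SAMPLE_LOG):
        print(f"line {number}: {findings}")
```

A hit only shows that such a request was received; whether it had any effect depends on the plugin version installed at the time and on the user who was logged in.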
