WordPress SEO By Yoast Vulnerability

Millions of WordPress websites using WordPress SEO by Yoast may be at risk of being hacked through a critical vulnerability known as Blind SQL Injection.

SQL injection arises from the data exchanged between users and a web application. A web application that fails to check input values allows outside attackers to trigger this vulnerability and execute arbitrary SQL queries on victim WordPress websites.

A proof of concept is provided by Ryan Dewhurst, who discovered this Blind SQL Injection, in his advisory:

http://victim-wordpress-website.com/wp-admin/admin.php?page=wpseo_bulk-editor&type=title&orderby=post_date%2c(select%20*%20from%20(select(sleep(10)))a)&order=asc

This link causes the SQL query to execute and sleep for 10 seconds if it is clicked by an authenticated admin, editor or author user. An author user becomes a victim when he is tricked into clicking a specially crafted link or visiting a page that is controlled by attackers.
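As an added example (not the plugin's code and not taken from the advisory), the PHP below shows why an unchecked orderby value ends up inside the SQL statement and how an allowlist keeps it out. The function names and the list of sortable columns are assumptions made for illustration.

```php
<?php
// Added illustration, not the plugin's code. Helper names and the set of
// sortable columns are assumptions.

// Request value => SQL column the list is allowed to be sorted by.
const SORTABLE_COLUMNS = [
    'post_title' => 'post_title',
    'post_date'  => 'post_date',
    'post_type'  => 'post_type',
];

// Unsafe pattern: request values are concatenated into the statement.
// Placeholders cannot stand in for identifiers, so ORDER BY is often built
// this way, and anything the caller sends becomes SQL text.
function order_clause_unsafe(array $query): string
{
    return 'ORDER BY ' . $query['orderby'] . ' ' . $query['order'];
}

// Hardened pattern: only values found in the allowlist reach the SQL text.
function order_clause_safe(array $query): string
{
    $requested = isset($query['orderby']) && is_string($query['orderby']) ? $query['orderby'] : '';
    $column    = SORTABLE_COLUMNS[$requested] ?? 'post_title'; // unknown value: default column
    $dir       = isset($query['order']) && is_string($query['order']) ? strtoupper($query['order']) : '';
    $direction = ($dir === 'DESC') ? 'DESC' : 'ASC';           // anything else: ascending
    return "ORDER BY {$column} {$direction}";
}

// Constructed input: the query string of the link shown above, and a normal
// sort request for comparison. parse_str() URL-decodes the values.
parse_str('page=wpseo_bulk-editor&type=title&orderby=post_date%2c(select%20*%20from%20(select(sleep(10)))a)&order=asc', $crafted);
parse_str('page=wpseo_bulk-editor&type=title&orderby=post_date&order=desc', $normal);

echo order_clause_unsafe($crafted), PHP_EOL; // the subquery is now part of the statement
echo order_clause_safe($crafted), PHP_EOL;   // crafted value is not in the allowlist, default is used
echo order_clause_safe($normal), PHP_EOL;    // legitimate sort request passes through
```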

In this way, cybercriminals and hackers can interfere with victims' databases, changing or even deleting important data. They are also able to send unsafe links or applications to the attacked WordPress websites. How terrible it is when a hacker compromises your entire site!

If you are running this plugin on your WordPress site at version 1.7.3 or lower, upgrade as soon as possible to the latest version of WordPress SEO by Yoast, version 1.7.4, to fix this serious security problem.
