WordPress SEO By Yoast Vulnerability


Millions of WordPress websites using WordPress SEO by Yoast may be at risk of being hacked through a critical vulnerability known as Blind SQL Injection.

This SQL injection arises from the data exchanged between users and the web application. A web application that fails to validate input values allows outside attackers to trigger the vulnerability and execute arbitrary SQL queries on the victim WordPress website.

A proof of concept is provided by Ryan Dewhurst, who discovered this Blind SQL Injection, in his advisory:

http://victim-wordpress-website.com/wp-admin/admin.php?page=wpseo_bulk-editor&type=title&orderby=post_date%2c(select%20*%20from%20(select(sleep(10)))a)&order=asc

This link causes the SQL query to execute and sleep for 10 seconds if it is clicked by an authenticated admin, editor or author user. An author user becomes a victim when tricked into clicking a specially crafted link or visiting a page that is controlled by attackers.

In this way, cybercriminals and hackers can interfere with the victim's database and change or even delete all important data. They are also able to send unsafe links or applications to the attacked WordPress websites. How terrible it is when a hacker compromises your entire site!

If you are running this plugin on your WordPress site at version 1.7.3 or lower, upgrade as soon as possible to the latest version of WordPress SEO by Yoast, version 1.7.4, to fix this serious security problem.
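To check whether a site has already received requests shaped like the proof of concept above, the following added example (not code from the advisory or from the plugin) scans web server access log lines for bulk-editor requests whose `orderby` or `order` value is not a plain sort key. The combined log format, the rule that a legitimate `orderby` is a bare column name, and the sample lines are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a legitimate sort column is a bare SQL identifier,
# optionally table-qualified (e.g. post_date or wp_posts.post_date).
SAFE_ORDERBY = re.compile(r"[A-Za-z_][A-Za-z0-9_]*(\.[A-Za-z_][A-Za-z0-9_]*)?")
SAFE_ORDER = {"asc", "desc"}
# Request line inside a combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def check_request(target):
    """Return a list of findings for one request target (path + query)."""
    parts = urlsplit(target)
    if not parts.path.endswith("/wp-admin/admin.php"):
        return []
    # parse_qs percent-decodes values, so %2c and %20 are seen as ',' and ' '.
    query = parse_qs(parts.query, keep_blank_values=True)
    if "wpseo_bulk-editor" not in query.get("page", []):
        return []
    findings = []
    for value in query.get("orderby", []):
        if not SAFE_ORDERBY.fullmatch(value):
            findings.append(f"orderby is not a plain column name: {value!r}")
    for value in query.get("order", []):
        if value.lower() not in SAFE_ORDER:
            findings.append(f"order is not asc/desc: {value!r}")
    return findings


def scan_log(lines):
    """Yield (line_number, findings) for every log line that trips a check."""
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if match:
            findings = check_request(match.group(1))
            if findings:
                yield number, findings


# Constructed sample log lines (documentation IP addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Mar/2015:10:01:02 +0000] "GET /wp-admin/admin.php?page=wpseo_bulk-editor&type=title&orderby=post_date&order=asc HTTP/1.1" 200 5120',
    '192.0.2.10 - - [12/Mar/2015:10:03:44 +0000] "GET /wp-admin/admin.php?page=wpseo_bulk-editor&type=title&orderby=post_date%2c(select%20*%20from%20(select(sleep(10)))a)&order=asc HTTP/1.1" 200 5120',
    '198.51.100.7 - - [12/Mar/2015:10:05:00 +0000] "GET /wp-admin/admin.php?page=other-plugin&orderby=a%2cb HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, findings in scan_log(SAMPLE_LOG):
        print(f"line {number}: {'; '.join(findings)}")
```

A hit means only that such a request reached the server. Because the link has to be opened by a logged-in admin, editor or author, check which account's session the flagged request belongs to.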
