Notice: Undefined offset: 0 in /home/templaza/public_html/plugins/system/tz_guard/tz_guard/browser_detection.php on line 361

Deprecated: strpos(): Non-string needles will be interpreted as strings in the future. Use an explicit chr() call to preserve the current behavior in /home/templaza/public_html/plugins/system/tz_guard/tz_guard/browser_detection.php on line 618
WordPress SEO By Yoast Vulnerability - TemPlaza | Blog
TemPlaza

TemPlaza, the website built and improved by TemPlaza., JSC. We supply templates and other qualified applications on Joomla and WordPress.

Email: support@templaza.com

WordPress SEO By Yoast Vulnerability

WordPress SEO By Yoast Vulnerability

Million WordPress websites using WordPress SEO by Yoast may be at risk of being hacked by an critial vulnerability known as Blind SQL Injection.

This SQL Injection is executed based on the data interaction between users and Web Application. That Web Application fails to check data input values can allow outside hackers to trigger this vulnerability and execute the artribary SQL queries on victim WordPress Websites.

A Proof of Concept is provided by Ryan Dewhurst who has been discovered this Blind SQL Injection in his advisory:

http://victim-wordpress-website.com/wp-admin/admin.php?page=wpseo_bulk-editor&type=title&orderby=post_date%2c(select%20*%20from%20(select(sleep(10)))a)&order=asc

This link will cause SQL query to execute and sleep for 10 seconds if clicked on as an authenticated admin, editor or author user. When an author user become a victim, he will be tricked to click on a specially crafted link or a page which is controlled by attackers.

By this way, cybercriminals and hackers can interfere in victims’ database, change or even delete all important data. They are also able to send unsafety links or applications to attacked WordPress Websites. How terrible it is when a hacker compromise entire your site!

If you are having this plugin running on your WordPress site with version 1.7.3 or lower, upgrade your site as soon as possible with latest version of WordPress SEO by Yoast – version 1.7.4 to avoid and fix this serious security problem.

Tips to Install Jollyness Joomla Template Manually
How To Create Multilingual WordPress Site With WPM...
Comment for this post has been locked by admin.
 

Comments Comments

By accepting you will be accessing a service provided by a third-party external to https://www.templaza.com/

Login