One of the most popular WordPress plugins is having critical security vulnerability making every WordPress website using the plugin potentially insecure.
The vulnerability in WordPress SEO by Yoast has been discovered by the developer of the WordPress vulnerability scanner “WPScan” – Ryan Dewhurst. It has been marked as critical because every website using the plugin is vulnerable to Blind SQL Injection which could provide third party users with access to your MySQL database.
The vulnerability has been detected in most versions of the “WordPress SEO by Yoast” which according to the official WordPress plugin repository has been downloaded by more than 14 Million times.
In one of the latest blog posts the developers of the plugin announced that they have already released new version of the plugin where they have patched the security vulnerability. The latest version of the plugin is labeled as (1.7.4) and can be downloaded directly from the official WordPress plugin repository of from the website of it’s developers:
Developers site: https://yoast.com/wordpress/plugins/seo/
Official WordPress plugin repository: https://wordpress.org/plugins/wordpress-seo/
Last but not least we strongly recommend to all of our customers using the “WordPress SEO by Yoast” plugin to make sure it is properly upgraded to it’s latest version in order to prevent such issues with their website.