If you’re currently using the WordPress SEO plugin by Yoast, we recommend immediately updating the plugin on all your sites to version 1.7.4.
After a blind SQL injection vulnerability was discovered today, the Yoast team immediately put out a patch with a security fix.
WordPress SEO by Yoast is a popular WordPress plugin (wordpress-seo) used to improve the Search Engine Optimization (SEO) of WordPress sites. The latest version at the time of writing (22.214.171.124) has been found to be affected by two authenticated (admin, editor or author user) Blind SQL Injection vulnerabilities. The plugin has more than one million downloads according to WordPress.
While a few hosting companies like SiteGround have issued temporary fixes to protect their customers from this vulnerability, the best way to protect your site is by updating to the latest version (v.1.7.4).
Update The Plugin On All Your Sites Now with Sync
Sync users can log in now to update the WordPress SEO plugin on all their sites. You can also update the plugin manually after logging in to your WordPress dashboard, where the 1.7.4 update is available from your Updates menu.