If you’re running WP-SEO by Yoast…
Make sure your WordPress site has been updated!
The WP-SEO plugin team identified and fixed a security risk. This is important because all of our WordPress Blog Support customers are running this plugin.
Here’s the official WordPress SEO Security update from Yoast.
WordPress SEO Security release • Yoast
This morning we released an update to our WordPress SEO plugin (both free and premium) that fixes a security issue. A bit more details follow below, but the short version of this post is simple: update. Now. Although you might find your WordPress install has already updated for you.
What did we fix?
We fixed a CSRF issue that allowed blind SQL injection. The one sentence explanation for the not so technical: by having a logged-in author, editor or admin visit a malformed URL a malicious hacker could change your database. While this does not allow mass hacking of installs using this hole, it does allow direct targeting of a user on a website. This is a serious issue, which is why we immediately set to work to fix it when we were notified of the issue.
If you are a WP Blog Support client, your site has already been updated. If you don’t enjoy unlimited WordPress Support and are using WP-SEO from Yoast, please make sure to log in as an admin and confirm that you are running the latest version:
- If you were running on 1.7 or higher, you’ll have been auto-updated to 1.7.4.
- If you were running on 1.6.*, you’ll have been updated to 1.6.4.
- If you were running on 1.5.*, you’ll have been updated to 1.5.7.
According to Yoast, if you are running one of the older versions or Premium versions, it’s important to make sure you’ve updated right away.
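
For anyone checking several sites at once, the sketch below classifies installed WP-SEO version strings against the fixed releases listed above. It is an added example, not code from Yoast or from the original post; the site names, the sample inventory and the three status labels are constructed for illustration, and it assumes any branch newer than 1.7 already contains the fix.

```python
import re

# Fixed release for each branch, as listed in the post above.
FIXED = {(1, 5): (1, 5, 7), (1, 6): (1, 6, 4), (1, 7): (1, 7, 4)}


def parse_version(text):
    """Turn '1.7.3' or '1.7.3.2' into a tuple of ints; None if not purely numeric."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){1,3}", text):
        return None
    parts = tuple(int(p) for p in text.split("."))
    return parts + (0,) * max(0, 3 - len(parts))  # pad '1.7' to (1, 7, 0)


def status(version_text):
    """Classify an installed version: 'patched', 'update' or 'unknown'."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"  # pre-release or garbled string: check by hand
    branch = version[:2]
    if branch > (1, 7):
        return "patched"  # assumption: later branches include the fix
    fixed = FIXED.get(branch)
    if fixed is None:
        return "update"  # older than 1.5: no fixed release listed for it
    # Tuple comparison is numeric, so 1.5.10 correctly sorts after 1.5.7.
    return "patched" if version >= fixed else "update"


def audit(inventory):
    """Return (site, version, status) for every site not confirmed patched."""
    rows = [(site, ver, status(ver)) for site, ver in inventory.items()]
    return sorted(row for row in rows if row[2] != "patched")


if __name__ == "__main__":
    # Constructed inventory: site names and versions are made up.
    sites = {
        "blog.example": "1.7.4",
        "shop.example": "1.6.3",
        "news.example": "1.5.10",
        "old.example": "1.4.25",
        "dev.example": "1.7-beta",
    }
    for site, ver, state in audit(sites):
        print(f"{site}: WP-SEO {ver} -> {state}")
```
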