Wednesday, 18 November 2015

Yoast WordPress SEO Plugin Makes Your Website Vulnerable!




According to the latest news, the popular Yoast SEO WordPress plugin has a major vulnerability that makes a website susceptible to blind SQL injection. This is a very popular plugin that is used by over 14 million websites. Reportedly, all versions of SEO by Yoast prior to 1.7.3.3 are vulnerable to a blind SQL injection web application flaw. This is alarming news for those who use this plugin, because it could seriously compromise the data on their website. According to Mohit Kumar of Hacker News:
“Basically, in an SQLi attack, an attacker inserts a malformed SQL query into an application via client-side input. However, in this scenario, an outside hacker can’t trigger this vulnerability themselves because the flaw actually resides in the ‘admin/class-bulk-editor-list-table.php’ file, which is authorized to be accessed by WordPress Admin, Editor or Author privileged users only.

Therefore, in order to successfully exploit this vulnerability, it is required to trigger the exploit from authorized users only. This can be achieved with the help of social engineering, where an attacker can trick an authorized user to click on a specially crafted payload exploitable URL.”
So in other words, WordPress admins can be tricked into clicking on links that would then trigger an SQLi attack. Once the injection succeeds, the attacker could add their own admin account to the vulnerable WordPress site and do whatever they want with it.
Not everyone who has SEO by Yoast installed is automatically affected by this. The attack can only be triggered manually by a WordPress admin, editor, or author who clicks on a dangerous link created by the attacker.
In addition, this is something that can easily be fixed by updating your plugin to the latest version. The Yoast team promptly patched the vulnerability upon being notified, and the newest version (1.7.4) is said to fix the problem. The Premium version of the plugin has also been updated. The release notes read:
“Security fix: fixed possible CSRF and blind SQL injection vulnerabilities in bulk editor. Added strict sanitation to order_by and order params. Added extra nonce checks on requests sending additional parameters. Minimal capability needed to access the bulk editor is now Editor. Thanks Ryan Dewhurst from WPScan for discovering and responsibly disclosing this issue.”
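To make the “strict sanitation to order_by and order params” part of that fix concrete, here is an added example in plain PHP. It is not Yoast’s code, and the function name and the list of sortable columns are assumptions for illustration. The point it shows is that both sorting parameters are mapped onto fixed allowlists, so no request-controlled string is ever concatenated into the SQL, which is exactly what closes a blind injection through an ORDER BY clause:

```php
<?php
// Added example, not Yoast's code: allowlisting the two sort parameters
// that a bulk-editor list table reads from the request.

// Columns the list table is allowed to sort on (hypothetical list).
const ALLOWED_ORDER_BY = ['post_title', 'post_date', 'post_status', 'ID'];
// Sort directions are likewise a closed set.
const ALLOWED_ORDER = ['ASC', 'DESC'];

/**
 * Build an ORDER BY clause from untrusted request parameters.
 *
 * Any value that is not exactly one of the allowlisted entries is replaced
 * by a fixed default. The returned clause is therefore built only from
 * constants that live in this file, never from the request itself.
 */
function safe_order_clause(array $params): string
{
    $orderBy = $params['order_by'] ?? 'post_date';
    $order   = strtoupper((string) ($params['order'] ?? 'DESC'));

    // strict comparison: no type juggling, no partial matches
    if (!in_array($orderBy, ALLOWED_ORDER_BY, true)) {
        $orderBy = 'post_date';
    }
    if (!in_array($order, ALLOWED_ORDER, true)) {
        $order = 'DESC';
    }

    return "ORDER BY `{$orderBy}` {$order}";
}

// Constructed sample inputs: a normal request and one whose values are
// not on the allowlist (they fall back to the defaults).
$normal   = ['order_by' => 'post_title', 'order' => 'asc'];
$rejected = ['order_by' => 'post_title, post_date', 'order' => 'DESCENDING'];

echo safe_order_clause($normal), PHP_EOL;   // ORDER BY `post_title` ASC
echo safe_order_clause($rejected), PHP_EOL; // ORDER BY `post_date` DESC
```

In a real WordPress handler the same code path would first call check_admin_referer() (or wp_verify_nonce()) on the request, which is the “extra nonce checks” half of the changelog and is what stops a logged-in editor from being made to fire the request by clicking a crafted link, and any remaining values that do have to reach the query would go through $wpdb->prepare(). The allowlist above covers the part that prepared statements cannot, since column names and sort direction are not bindable parameters.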
In the future, you can have plugin updates taken care of automatically by going to the Manage > Plugins & Themes > Auto Updates tab. It is strongly recommended that you update all SEO and security plugins on your websites as soon as possible. Stay safe!
