Rajesh Kumar

WordPress Updated Millions Of Yoast SEO Plugins Automatically

Rajesh Kumar | Mar 13th, 2015 | Web Development
WordPress Updated Millions Of Yoast SEO Plugins Automatically

A day before yesterday, WordPress updated over 1 million Yoast Plugins citing virus attack and vulnerability. They said that over a millions website were at risk of being hacked, so this immediate update was inevitable. The company added that the SEO plug-in, used by over 14 million blogs, was vulnerable to a serious blind SQL injection attack.

The vulnerability was so severe that it allowed attackers to manipulate a site’s database injecting malicious code into the source code. A security researcher has discovered this blind SQL injection vulnerability that affected versions and older of WordPress SEO by Yoast.

The WordPress said:

This morning we released an update to our WordPress SEO plugin (both free and premium) that fixes a security issue. A bit more details follow below, but the short version of this post is simple: update. Now. Although you might find your WordPress install has already updated for you.

Because of the seriousness of the threat, WordPress worked with Yoast to a automatically push updates to those using his plugin. This is how update took place:

  • running on 1.7 or higher, you’ll have been auto-updated to 1.7.4.
  • If you were running on 1.6.*, you’ll have been updated to 1.6.4.
  • If you were running on 1.5.*, you’ll have been updated to 1.5.7.

If you're using any version lower than that, your website won't be updated automatically.

-WordPress Updated Yoast SEO Plugins

Comments are closed.