The day before yesterday, WordPress updated over 1 million Yoast plugins, citing a virus attack and a vulnerability. They said that over a million websites were at risk of being hacked, so this immediate update was inevitable. The company added that the SEO plug-in, used by over 14 million blogs, was vulnerable to a serious blind SQL injection attack.
The vulnerability was so severe that it allowed attackers to manipulate a site’s database, injecting malicious code into the source code. A security researcher discovered this blind SQL injection vulnerability, which affected versions 220.127.116.11 and older of WordPress SEO by Yoast.
WordPress said:
This morning we released an update to our WordPress SEO plugin (both free and premium) that fixes a security issue. A bit more details follow below, but the short version of this post is simple: update. Now. Although you might find your WordPress install has already updated for you.
Because of the seriousness of the threat, WordPress worked with Yoast to automatically push updates to those using the plugin. This is how the update took place:
- If you were running on 1.7 or higher, you’ll have been auto-updated to 1.7.4.
- If you were running on 1.6.*, you’ll have been updated to 1.6.4.
- If you were running on 1.5.*, you’ll have been updated to 1.5.7.
If you're using any version lower than that, your website won't be updated automatically.