'WordPress SEO by Yoast' Plugin Vulnerability Affects Millions

vulnerability has been discovered in the popular plugin of WordPress content platform that puts tens of Millions of websites at risks of being hacked by the attackers..   The vulnerability resides in most versions of WordPress plugin known which has more than Million downloads making it one of the popular plugins of WordPress for easily optimizing websites for search engines i.e Search optimization ..   WordPress SEO by Yoast has been discovered by Ryan Dewhurst, developer of WordPress WPScan.   All the prior to 1.7.3.3 of ' WordPress SEO by Yoast are vulnerable to Blind SQL Injection flaw, according to advisory published today...   in this scenario, hacker ca not trigger this vulnerability which is authorized to be accessed by WordPress Admin, Editor or Author privileged users only..   Therefore, order to exploit this vulnerability, it's required to trigger the exploit from authorized users only.   this could allow the exploit to execute SQL queries on WordPress web site, to Graham Cluley..   Ryan also released proof-of-concept payload of Blind SQL Injection ' WordPress SEO by Yoast, which is as follows http victim-wordpress-website com wp-admin admin php page=wpseo bulk-editor&type=title&orderby=post date%2c ) ) ) &order=asc.   the vulnerability has been patched in the  version of WordPress SEO by Yoast  by Yoast WordPress plugin developers, that latest version has fixed CSRF and blind SQL vulnerabilities in bulk editor...   Therefore, WordPress administrators with disabled Auto-update feature are recommended to upgrade their WordPress SEO by Yoast plugin as soon as possible or they can download the version from WordPress plugin repository..   Read more