Vulnerability in Yoast SEO

Less than 3 days after WordPress core pushed a security update fixing some vulnerabilities comes another security release, this time for the Yoast SEO plugin. We use this plugin on all of our SEO customers' websites, and it is immensely popular among website owners, with over 1 million active installs.

On Tuesday, Panagiotis Vagenas from Wordfence Security discovered a security hole in the plugin that would allow a user at any level within WordPress to access the plugin's import and export features. In effect, this could allow a commenter on your site to download your Yoast SEO settings, change a few things and upload new ones.

This security hole is not dangerous to your website; however, it could be used to harm your search rankings and undo months of SEO work on your website.

As always with WordPress security, if you are a Pink Mac Group managed hosting customer, the updates have been taken care of for you. If you are not a managed hosting customer, please update Yoast SEO to version 3.2.5 or above immediately within your WordPress admin under Dashboard > Updates.
