[WordPress Security] Vulnerability in WordPress SEO by Yoast – Upgrade Immediate
Hi, I love this plugin and refuse to abandon it, but is this true? If so, when will the upgrade be ready?
There is a vulnerability in WordPress SEO by Yoast. This is a CSRF vulnerability so is harder to exploit because it requires tricking an admin into loading a link from their own website where they’re logged in.
However it’s serious enough that we’re sending out an alert. Yoast has released a fix, so upgrade immediately. It’s worth noting that this is getting a lot of press, so awareness among hackers of this issue is spreading quickly. So please upgrade at your earliest convenience.
This is a link to the remainder of the Wordfence article / blog post regarding this threat…
Side note: The actual vulnerability is an SQL injection attack, but it requires admin privileges so the actual vector is likely a CSRF attack exploiting the SQL injection vulnerability.
Thanks and have a great day!
Fish
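
As an added illustration (not part of the original post or the Wordfence article, and not Yoast's code): a hypothetical WordPress admin handler showing the two independent controls the side note implies, a nonce check so a forged cross-site request fails even with the admin's session, and an allow-list plus prepared statement so request parameters never reach the SQL text. The action name, nonce field name and query are assumptions made for the example.

```php
<?php
// Hypothetical admin action; every "example_*" name is illustrative only.
add_action( 'admin_post_example_bulk_list', 'example_bulk_list_handler' );

function example_bulk_list_handler() {
    global $wpdb;

    // 1. Privilege check. On its own this does NOT stop CSRF: a forged
    //    request sent by the admin's browser carries the admin's cookies.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }

    // 2. CSRF check. The nonce is tied to the user, session and action, so a
    //    third-party page cannot supply it. The form or link that triggers
    //    this action must emit it, e.g. with
    //    wp_nonce_field( 'example_bulk_list', '_example_nonce' ).
    //    check_admin_referer() stops the request if the nonce is invalid.
    check_admin_referer( 'example_bulk_list', '_example_nonce' );

    // 3. Identifiers (column names, sort direction) cannot be bound as
    //    placeholders, so map the request value onto a fixed allow-list.
    $columns = array(
        'date'  => 'post_date',
        'title' => 'post_title',
        'id'    => 'ID',
    );
    $key    = isset( $_REQUEST['orderby'] ) ? sanitize_key( wp_unslash( $_REQUEST['orderby'] ) ) : 'date';
    $column = isset( $columns[ $key ] ) ? $columns[ $key ] : 'post_date';
    $dir    = ( isset( $_REQUEST['order'] ) && 'asc' === strtolower( wp_unslash( $_REQUEST['order'] ) ) ) ? 'ASC' : 'DESC';

    // 4. Values go through placeholders, never string concatenation.
    $status = isset( $_REQUEST['status'] ) ? sanitize_key( wp_unslash( $_REQUEST['status'] ) ) : 'publish';
    $limit  = isset( $_REQUEST['limit'] ) ? min( absint( $_REQUEST['limit'] ), 100 ) : 20;

    $sql = $wpdb->prepare(
        "SELECT ID, post_title FROM {$wpdb->posts}
         WHERE post_status = %s
         ORDER BY {$column} {$dir}
         LIMIT %d",
        $status,
        $limit
    );

    wp_send_json_success( $wpdb->get_results( $sql ) );
}
```

Either control alone leaves a gap: the nonce does nothing against a malicious or compromised admin account, and the prepared query does nothing to stop other state-changing actions from being forged.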