Last Updated: 2015-03-13 00:34:18 UTC
by Guy Bruneau (Version: 1)
WordPress has released an advisory for the WordPress plugin SEO by Yoast. Versions up to and including 18.104.22.168 can be exploited through a blind SQL injection. According to WordPress, this plugin has more than one million downloads. A description of the SQL injection, with a proof of concept, is available here, and the latest update is available here.
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu