Decisions Made with Data.

WordPress SEO by Yoast Vulnerability

//  by //  Leave a Comment

Updated May 31, 2022

Reading Time: 2 minutes

Millions of Websites Affected

If you’re a frequent reader of our blog, you probably know that the WordPress SEO by Yoast plugin is one of our favorites. When we heard about its vulnerability yesterday, we immediately updated all the websites under our control. If you’re running any version of this plugin prior to 1.7.3.3, read this post and download the latest version… now!

2025 Business Website Checklist

Name(Required)
Privacy(Required)
Stay Informed
This field is for validation purposes and should be left unchanged.

Learn More

In this Free eBook:

  • Learn website requirements
  • Configure technical settings
  • Improve user-experience
  • Do optimization & Tracking

Vulnerable to Blind SQL Injection

This sounds scary… and it is. SQL injections (SQLi) vulnerabilities are ranked as critical; it can cause a database breach of confidential information. There are hefty fines associated with breaches, especially with regard to non-public consumer information (e.g., names, email address) and financial details.

With a blind SQL injection, a hacker can insert a “malformed SQL query” into an application via a client-side input. In other words, this means it gains access via authorized protocols by infected admin users. Want to understand all the technical details? The Hacker News recaps it nicely, giving credit to Ryan Dewhurst, developer of WPScan.

WordPress SEO by Yoast Patched

The good news is WordPress by Yoast has been updated, patching this latest vulnerability. When I choose a plugin, developer responsiveness (i.e., updates, support, change logs) is at the top of my criteria list. Yoast still has my vote, however I’m sure he’s feeling a lot of pressure at the moment. He has literally millions of websites running his plugin. This is a blow to his credibility, and WordPress users are watching. Closely.

If you disabled WordPress updates, immediately go to the plugin repository and download 1.7.4.

If you aren’t regularly updating your WordPress website (we’re currently running 4.1.1) you have even bigger issues, in my opinion. Your website is open to many other vulnerabilities. Updating WordPress SEO by Yoast is just one of your security problems. Read this article about why updating your WP installation should be an ongoing maintenance item. If you need help, just let me know.

Have you lost confidence in Yoast?

About Massimo Paolini

Massimo is Co-CEO and Chief Data Scientist. On the web since the 90’s and a Google Partner since 2014, his expertise includes technical SEO, search marketing, marketing analytics/analysis, and online advertising. Massimo has an innate ability to sift through a sea of data, uncovering insights that formulate results-oriented strategies. He has taught Digital Marketing, Google Ads and SEO at UC Berkeley Extension since 2014—and presented at international search marketing conferences like SMXL in Milan.

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *