WordPress SEO by Yoast <= 18.104.22.168 – Blind SQL Injection
WordPress SEO by Yoast is a popular WordPress plugin (wordpress-seo) used to improve the Search Engine Optimization (SEO) of WordPress sites. The latest version at the time of writing (22.214.171.124) has been found to be affected by two authenticated (admin, editor or author user) Blind SQL Injection vulnerabilities. The plugin has more than one million downloads according to WordPress.
The authenticated Blind SQL Injection vulnerability can be found within the ‘admin/class-bulk-editor-list-table.php’ file. The orderby and order GET parameters are not sufficiently sanitised before being used within a SQL query. For more information and a PoC please visit WPVULNDB.
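The general fix for this class of bug, as an added example that is not the plugin's own code or its actual patch: column names and sort direction cannot be bound as prepared-statement placeholders, so orderby and order have to be mapped through an allowlist to fixed literals. The function name, the allowlist keys and the column names below are assumptions chosen for illustration.

```php
<?php
// Added example; not taken from wordpress-seo. All names are hypothetical.

/**
 * Build an ORDER BY clause from request parameters.
 * The request value is only ever used as a lookup key, so no byte of
 * user input reaches the SQL string.
 */
function build_order_clause(array $query, array $column_map, string $default_key): string
{
    if (!isset($column_map[$default_key])) {
        throw new InvalidArgumentException('default key must be in the allowlist');
    }

    $orderby = $query['orderby'] ?? '';
    $order   = $query['order'] ?? '';

    // Reject array-typed parameters such as ?orderby[]=x before comparing.
    $orderby = is_string($orderby) ? $orderby : '';
    $order   = is_string($order) ? $order : '';

    // Unknown keys fall back to the default instead of being escaped and used.
    $column = $column_map[$orderby] ?? $column_map[$default_key];

    // Direction is one of two literals, never the raw parameter.
    $direction = (strtoupper($order) === 'DESC') ? 'DESC' : 'ASC';

    return sprintf('ORDER BY `%s` %s', $column, $direction);
}

// Hypothetical allowlist: request key => real column name.
$column_map = ['title' => 'post_title', 'date' => 'post_date', 'status' => 'post_status'];

// Constructed sample requests: two well-formed, two malformed.
$samples = [
    ['orderby' => 'date', 'order' => 'desc'],       // ORDER BY `post_date` DESC
    ['orderby' => 'status'],                        // ORDER BY `post_status` ASC
    ['orderby' => 'title, 1', 'order' => 'desc, 1'], // falls back: `post_title` ASC
    ['orderby' => ['x'], 'order' => 'DESC'],        // falls back: `post_title` DESC
];

foreach ($samples as $sample) {
    echo build_order_clause($sample, $column_map, 'title'), PHP_EOL;
}
```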
I highly recommend updating the Plugin a.s.a.p. (when using it) to version 1.7.4 which has this exploit fixed. I noticed first attempts in my logs already, which doesn’t surprise me really as this exploit is in the wild now. Thank god I decided to upgrade WordPress SEO by Yoast a while ago. I always was reluctant as Yoast is known to have somewhat short update intervals.