Most of us are familiar with WordPress SEO by Yoast, one of the most popular plugins for the WordPress content management system (CMS). It is in fact the most downloaded WordPress plugin, as it makes it easy to optimize websites for search engines.
Recently, however, a serious vulnerability was discovered in this plugin, putting tens of millions of websites at risk of being hacked. All versions of WordPress SEO by Yoast before 1.7.3.3 have been found to be exposed to a Blind SQL Injection (SQLi) web application flaw.
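A check for the version threshold stated above, as an added example that is not part of the original article or the plugin's own code: it reads the `Version:` header from the text of a plugin's main file and compares it numerically against 1.7.3.3. The sample header and all function names are constructed for illustration.

```python
import re

# Threshold taken from the article: versions before 1.7.3.3 are affected.
FIXED_VERSION = "1.7.3.3"

# WordPress plugins declare their version in a "Version:" line inside the
# header comment of the main plugin file.
_VERSION_HEADER = re.compile(r"^[ \t/*#@]*Version:[ \t]*(\S+)",
                             re.IGNORECASE | re.MULTILINE)

# Constructed sample input, not copied from any real installation.
SAMPLE_HEADER = """<?php
/*
Plugin Name: WordPress SEO
Version: 1.7.3
*/
"""


def parse_version(text):
    """Turn '1.7.3.3' into (1, 7, 3, 3); reject anything non-numeric."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)


def is_before(version, threshold=FIXED_VERSION):
    """Component-wise numeric comparison; missing components count as 0.

    A plain string comparison would wrongly rank '1.10' below '1.7.3.3'.
    """
    a, b = parse_version(version), parse_version(threshold)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def audit_plugin_header(header_text):
    """Return (version, status) for the text of a plugin's main PHP file."""
    match = _VERSION_HEADER.search(header_text)
    if not match:
        return None, "unknown"
    version = match.group(1)
    try:
        return version, ("affected" if is_before(version) else "not affected")
    except ValueError:
        # Suffixes such as '-beta' need manual review rather than a guess.
        return version, "unknown"
```

Anything reported as `unknown` should be checked by hand instead of being treated as safe.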
What is SQLi?
SQL injection is a code injection technique used to attack data-driven applications. Best known as an attack vector against websites, SQLi is among the top 10 web application vulnerabilities.
Blind SQLi, on the other hand, is used when a web application is vulnerable to SQL injection but the results of the injection are not visible to the attacker. This type of attack is usually time-intensive, as a new statement needs to be crafted for each bit that is recovered.
Read More @ Article Source http://goo.gl/m4CFI7