Update WordPress SEO by Yoast straight away
WordFence reported a vulnerability in WordPress SEO by Yoast on 12 March 2015.
The full article can be found here.
“It looks like this may be the new normal we’re working with: Where vulnerability disclosure happens on the same day as a fix is released by the vendor. I’d love to hear your thoughts in the comments, whether you’re a plugin author, WordPress admin or anyone else involved or concerned about WordPress security.
What to do: Upgrade immediately to version 1.7.4 of WordPress SEO by Yoast which contains the fix.”
Explanation by WordFence
The vulnerability is a SQL injection attack that needs admin access to be exploited. To the layman, this sounds like it’s unexploitable, but these kinds of security holes are usually exploited via a cross-site request forgery (CSRF) which tricks an admin into loading a link from their own website (where they’re logged in as admin) which then exploits the vulnerability using the admin’s privileges.
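An added illustration, not Wordfence's or Yoast's code: a small Python model of why an admin-only SQL injection is still reachable through CSRF, and how a per-session nonce plus a bound query parameter close both gaps. The handlers, table, secret and requests are all constructed for this example.

```python
import hashlib
import hmac
import sqlite3

SECRET = b"constructed-demo-secret"  # constructed; a real site uses a random per-site key


def make_nonce(session_id: str, action: str) -> str:
    """Token bound to one session and one action; only pages the site itself serves contain it."""
    return hmac.new(SECRET, f"{session_id}|{action}".encode(), hashlib.sha256).hexdigest()


def setup_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT, status TEXT)")
    db.executemany("INSERT INTO posts (title, status) VALUES (?, ?)",
                   [("Hello", "publish"), ("Draft A", "draft"), ("Draft B", "draft")])
    return db


def vulnerable_handler(db, request):
    """'Before': checks only that the session is admin, then concatenates input into SQL."""
    if not request.get("is_admin"):
        return None
    sql = "SELECT title FROM posts WHERE status = '" + request["status"] + "'"
    return [row[0] for row in db.execute(sql)]


def hardened_handler(db, request):
    """'After': a valid nonce is required (blocks forged requests) and the value is bound."""
    if not request.get("is_admin"):
        return None
    expected = make_nonce(request.get("session_id", ""), "list_posts")
    if not hmac.compare_digest(expected, request.get("nonce", "")):
        return None  # cross-site request: the browser sent the cookie but cannot know the nonce
    return [row[0] for row in db.execute(
        "SELECT title FROM posts WHERE status = ?", (request["status"],))]


# Constructed requests. The forged one counts as admin because the admin's own
# browser attached the session cookie, but it carries no nonce.
FORGED = {"is_admin": True, "session_id": "s1", "status": "x' OR '1'='1"}
GENUINE = {"is_admin": True, "session_id": "s1", "status": "draft",
           "nonce": make_nonce("s1", "list_posts")}
```

The admin check passes in both handlers for the forged request, which is why "needs admin access" does not make the flaw unexploitable; only the nonce check and the bound parameter change the outcome.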