Critical Vulnerability in WordPress SEO Plugin by Yoast

A critical vulnerability has been found in the popular WordPress SEO plugin by Yoast, allowing users with author, editor, or administrator rights to perform SQL injection on a WordPress site. After discovering a vulnerability in the plugin yesterday afternoon, the WPScan Team immediately contacted the author/developer. An update to the plugin was released the very…

Critical vulnerability in User Role Editor plugin

The popular User Role Editor plugin allows WordPress site owners to manage user roles and privileges. In the new version 4.25, the plugin developer has fixed a critical vulnerability. A vulnerability in User Role Editor versions below 4.61 allows attackers to gain administrator rights. At the same time, the attacker needs to have an account…

Critical vulnerability in Jetpack plugin

The development team behind the popular Jetpack plugin has released a new version 10.5 that fixes a vulnerability found in previous versions of the plugin. We recommend that all Jetpack users upgrade immediately. Jetpack is one of the most popular plugins for WordPress. It includes a large number of modules, from creating galleries and posting…