Millions of WordPress sites may be exposed to a Blind SQL Injection vulnerability due to a security hole in the very popular Yoast SEO plugin,
All the versions prior to 126.96.36.199 of ‘WordPress SEO by Yoast’ are vulnerable to Blind SQL Injection web application flaw, according to an advisory published on Wednesday (11th March).
Forced automatic update
According to a release on March 11 from Yoast:
“Because of the severity of the issue, the WordPress.org team put out a forced automatic update. If you didn’t specifically disable those and you were:
running on 1.7 or higher, you’ll have been auto-updated to 1.7.4.
If you were running on 1.6.*, you’ll have been updated to 1.6.4.
If you were running on 1.5.*, you’ll have been updated to 1.5.7.
If you are on an older version, we can’t auto-update you, but you should really update for tons of reasons. Of course you should really move to 1.7.4 as soon as you can anyway.“