Yesterday, news came out that the single most popular third-party piece of SEO software was vulnerable to a serious blind SQL injection attack: Yoast's WordPress SEO plugin, which is reportedly used by 14 million SEO blogs.
Joost de Valk from Yoast announced last night that because of the seriousness of the exploit, WordPress worked with him to automatically push updates to those using his plugin. He said:
Because of the severity of the issue, the WordPress.org team put out a forced automatic update (thanks!). If you didn’t specifically disable those and you were:
- running on 1.7 or higher, you’ll have been auto-updated to 1.7.4.
- If you were running on 1.6.*, you’ll have been updated to 1.6.4.
- If you were running on 1.5.*, you’ll have been updated to 1.5.7.
If you are on an older version, we can’t auto-update you, but you should really update for tons of reasons. Of course you should really move to 1.7.4 as soon as you can anyway.
Either way, if you are using WordPress and Yoast, you should check to make sure you are on the latest version. Now that this exploit is public, you don't want to be running an unpatched version when people jump on it.
Forum discussion at WebmasterWorld and Twitter.