On March 11, 2015 the WordPress SEO by Yoast was discovered to have a Blind SQL Injection vulnerability. Yoast fixed the issue immediately:
"We fixed a CSRF issue that allowed blind SQL injection. The one sentence explanation for the not so technical: by having a logged-in author, editor or admin visit a malformed URL a malicious hacker could change your database. While this does not allow mass hacking of installs using this hole, it does allow direct targeting of a user on a website. This is a serious issue, which is why we immediately set to work to fix it when we were notified of the issue."
We strongly recommend that you update this plugin if you have it on your WordPress site. It is possible WordPress has already updated it for you, but check to be certain. For those who added the plugin after March 11, 2015, the fix will already be implemented.
We value your feedback!
There is a step or detail missing from the instructions.
The information is incorrect or out-of-date.
It does not resolve the question/problem I have.
new! - Enter your name and email address above and we will post your feedback in the comments on this page!