WordPress Plugin Security Update: FancyBox and WordPress SEO

News

WordPress SEO by Yoast

According to thewhir.com, millions of WordPress installations are at risk of blind SQL injection through the WordPress SEO plugin by Yoast. For a detailed technical description of the vulnerability, click here. In short, version 1.7.3.3 and older are vulnerable and considered very risky. The issue was resolved in version 1.4. If you are running WordPress SEO, please make sure it is up-to-date ASAP. You may refer to the same WordPress.org guide on managing plugins, or you may click here for Yoast’s own instructions.

FancyBox for WordPress

This vulnerability may allow for a SQL injection attack or a privilege escalation attack. Both are quite serious and could allow a malicious user to interfere with your software and/or content. Click here for more information.

There is also a statement on WordPress.org about this issue and the need to update the plugin:
https://wordpress.org/plugins/fancybox-for-wordpress/faq/

Beyond the recommendations outlined above, please also take a moment to look over your domains for any possible negative side effects of using either of the aforementioned plugins. It is also a good idea to review your WordPress user list to check for any signs that an outside party has gained access.

Website slow? Need a new design? Need updates to your CMS or plug ins? Want to add e-commerce? Is your site optimized for search engines?

Contact me for a Web Design Consultation