A critical cross-site scripting (XSS) vulnerability has been discovered in the popular Yoast SEO WordPress plugin, potentially putting over 5 million websites at risk of compromise.
This flaw was discovered by security researcher Bassem Essam and reported through the Wordfence Bug Bounty Program.
The reflected XSS vulnerability exists in all Yoast SEO versions up to 22.5 due to insufficient input sanitization and output escaping.
This allows an unauthenticated attacker to inject malicious script into a WordPress page via the plugin's URL parameter. When an administrator accesses the crafted URL, the injected script runs in the browser session.
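The pattern described above, shown as an added example (not Yoast SEO's code or the Wordfence advisory's): a query-string value is reflected into a page attribute without output escaping, beside the hardened form that escapes for the HTML-attribute context at output time. The parameter name `example_param` and the page fragment are hypothetical placeholders; the input is constructed.

```php
<?php
// Added illustration of reflected XSS through an unescaped URL parameter.
// Not the plugin's real code; "example_param" is a hypothetical name.

// Vulnerable form: the raw query-string value is concatenated into markup,
// so a crafted URL can close the attribute and add its own HTML.
function render_unescaped(array $query): string {
    $value = $query['example_param'] ?? '';
    return '<input type="text" name="example_param" value="' . $value . '">';
}

// Hardened form: escape for the attribute context at the point of output.
// Inside WordPress use esc_attr(); htmlspecialchars() with ENT_QUOTES gives
// the equivalent attribute-safe encoding when WordPress is not loaded.
function render_escaped(array $query): string {
    $value = $query['example_param'] ?? '';
    $safe = function_exists('esc_attr')
        ? esc_attr($value)
        : htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="example_param" value="' . $safe . '">';
}

// Constructed input that breaks out of the attribute in the vulnerable form.
$constructed = ['example_param' => '"><script>alert(1)</script>'];
echo render_unescaped($constructed), PHP_EOL; // attribute closed, script element injected
echo render_escaped($constructed), PHP_EOL;   // quotes and angle brackets stay encoded
```

The fix is applied where the value is written into the page, not where it is read: sanitizing on input helps, but the escaping function must match the output context (attribute, element body, URL, JavaScript) for the browser to treat the value as data rather than markup.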
A successful exploit could allow the attacker to create a rogue administrator account, inject a backdoor into theme or plugin files, redirect visitors to a malicious site, and gain complete control over a vulnerable WordPress site. The advisory states that there is a possibility that
This attack requires tricking an administrator into clicking on a malicious link. Yoast has released version 22.6 with a patch to address this security hole.
All websites using Yoast SEO should be updated immediately. According to WordPress.org, this plugin is active on over 5 million WordPress installations.
Web security company Wordfence has added firewall rules to protect users from attempts to exploit this flaw.
They awarded Bassem Essam a $563 bug bounty for reporting this vulnerability.
“This vulnerability requires a user to click a link to exploit, and we urge site administrators and users to follow security best practices and avoid clicking links from untrusted sources,” said Ram Gall, QA engineer at Defiant, the developer of Wordfence.
This is a particularly impactful vulnerability because Yoast SEO is the most popular WordPress plugin for search engine optimization.
Website owners using this plugin should update to version 22.6 or later as soon as possible.
Administrators are also advised to check their sites for signs of suspicious activity.
This incident highlights the importance of keeping WordPress plugins up to date and the role that bug bounty programs play in the responsible disclosure of vulnerabilities.
You can read more about this flaw and the timeline for its discovery and patching on the Wordfence blog.