WordPress and Yoast SEO users: If you do not have the most recent version of the Yoast SEO plugin, grab it now. Last Friday, it was discovered that Yoast SEO versions 3.2.4 and earlier would allow anyone who has “subscriber” level access to your WordPress site to download your Yoast SEO settings.
What this means is that it would be easy for someone to get into open sites to access your potentially confidential SEO settings just by creating an account and exploiting the vulnerability.
The bug was reported last week and has already been patched. However, it does affect all earlier versions of the plugin, so it is highly recommended that you upgrade to ensure that you do not expose your Yoast SEO data to unscrupulous snoops.
The plugin can be downloaded from the WordPress plugin repository or directly from Yoast’s website.
Comments