46 Comments

  1. Keith Davis

    All done… just updated…. out of breath…

  2. Jonathan Riddle

    I am a tad confused as my site says I am running WordPress SEO Premium v1.5.3 and I just updated to the latest version. Is this only affecting the free version on WordPress and not the paid-for version? The free version is at 1.7.4.

  3. Jonathan Riddle

    Just says SEO premium and for $300 I am hoping that the update I was just notified of in the dashboard is more recent than 1 year old. Only subscribed maybe 5 months or so.

  4. Jonathan Riddle

    Ah right. Found on another website that the Premium version has also been updated to 1.5.3 which is the update I ran. Phew! It throws a bit of confusion with the different free and premium versions and numbers so hopefully this can help others. https://mobile.twitter.com/Yoast_Updates/status/575667450420817921

  5. Rahul Yadav (@rahulyadavblog)

    All plugins have the potential to be hacked. So, the fewer plugins you use on your site, the better.

    • markk5

      Not sure if this is trolling or just lack of knowledge. The number of plugins has no correlation to security risk. Usually the major factor is complexity, which is usually manifested in the number of lines of code (which is a very unreliable way to estimate this kind of thing, but probably the best there is).

  6. karks88

    So far I’ve seen that the hosting companies my clients use have automatically updated this for us. Saves me a lot of pain!

  7. Backups

    Hi

    Thanks for letting us know…. but I had some weird experience. I have auto update disabled in the wp-config.php and no Jetpack or plugin installed to update plugins automatically. But guess what, the plugin was already updated to version 1.7.4.

    I want to know what initiated that auto update as I don’t want anything auto updating in my website. WordPress should never pull this on any website if it is disabled.

    Anybody else having this experience?

  8. Backups

    I had auto Updates Disabled. And still it installed. That is the whole point.

  9. Miroslav Glavić

    Joost should have ASKED us and let us do the updates. Forcing an update is like violating our websites. If there is this window for updates, what if it gets hacked and a hacker inserts stuff into our websites?

  10. Fran

    If I have free plugin Seo Yoast between 1.5 and 1.7.3.3 version, I do not need to update? This is important, because if you have many sites with version of WP under 3.9, these sites can not be updated to the latest version of the plugin…

    • Backups

      Hi

      I think you need to update or use another SEO plugin like the All in One SEO plugin, as the issue in the Yoast plugin exists, as he stated himself, since version 1.5+ of the WordPress SEO plugin, which was released March 2014. That is how long this vulnerability exists already and we have been at risk of getting SQL code injected into our websites.

    • Samuel "Otto" Wood

      Fran: Yes, you do need to update. You also should update WP while you’re at it.

    • Peter Cralen (@PeterCralen)

      Fran, you have outdated WordPress and you are concerned about updating your SEO plugin?

      • Backups

        As Fran stated “This is important, because if you have many sites with version of WP under 3.9, these sites can not be updated to the latest version of the plugin…”

        He must have a reason to keep on running on 3.9 as apparently something he is running is not updated to run on the latest WP, I guess.

        • Fran

          That’s it. I can not run some themes in last version of WP. For example, I am running some themes on 3.8 version of WP, but I can not update WP because then Theme will crash, and I will have to remake the web (and this thing for many sites is impossible..).

      • Fran

        Yes Peter, I have outdated WP and I can not update. Then, if Yoast doesn’t support version of WP like 3.8, 3.7, 3.6 etc… I can not update plugin Seo Yoast… And the only plugin I have found about export Seo Yoast to All in one Seo plugin doesn’t work very well (SEO Data Transporter)… I am lost… (And I think I am not the only one..)

  11. David McCan

    Thank you WordPress core team for pushing the fix.

    I logged into my site yesterday and did not see any plugin updates pending. I checked WordPress SEO and it was on the latest version. I was a bit bewildered. Then I read about the pushed update by the WordPress core team. I was surprised but not angry. A notice on the dashboard when I logged in would have been nice so that I knew that it had been updated and how.

    I’m fine that the plugin was updated automatically. I realize that with pushed updates there is the potential that a mistake or incompatibility is introduced, but when millions of websites are vulnerable then the actual live threat seems to outweigh the small possible risk.

  12. Kevin

    Just here for the comments :)

  13. Fran

    I think this is the answer: https://yoast.com/wordpress-seo-security-release/ but Yoast have not clarified if versions like 1.5.7 is a good version and it solves the problem… We hope his response..

  14. Rahul Biswal

    I have already updated the Yoast SEO plugin on all my WordPress. Thanks for keeping the users updated about this vulnerability.

  15. Tomas M.

    Looks like WPTavern this time is a bit late with the news:

    A security flaw in the popular WordPress plugin Google Analytics by Yoast allows hackers to execute arbitrary code and take over administrator accounts.

    Revealed on Thursday by Finnish security researcher Jouko Pynnonen on Full Disclosure, the plugin’s security issue allows an unauthenticated attacker to store arbitrary HTML, including JavaScript, in the WordPress administrator’s Dashboard on the target system — and which is triggered when an admin views the plugin’s settings panel.

  16. SearchUp

    Thankfully WordPress SEO 2.0 has now been released by Yoast :)

    Get upgrading, folks!

  17. Geld Verdienen

    Good and fast response. Nice already a great new version has been released. WordPress SEO rocks!

  18. Tabby

    Immediately updated mine after finding out about this. Hope everybody got theirs updated right away. I commend the Yoast SEO plugin team for the quick response.

Comments are closed.