Security News > 2015 > March > Critical hole in popular WordPress SEO plugin allows SQLi, site hijacking (Help Net Security)

Critical hole in popular WordPress SEO plugin allows SQLi, site hijacking (Help Net Security)

2015-03-13 10:26

Another highly popular WordPress plugin has been found sporting a cross-site request forgery flaw that can be exploited to mount a blind SQL injection attack, and could also lead to an attacker gainin...

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/Y8NB8Hzgrr0/secworld.php

#wordpress #critical #hijacking #security

Related news

Two simple give-me-control security bugs found in Optigo network switches used in critical manufacturing (source)
WordPress LiteSpeed Cache Plugin Security Flaw Exposes Sites to XSS Attacks (source)
WordPress Security Checklist (source)
CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches (source)
HPE Issues Critical Security Patches for Aruba Access Point Vulnerabilities (source)
Security plugin flaw in millions of WordPress sites gives admin access (source)
Urgent: Critical WordPress Plugin Vulnerability Exposes Over 4 Million Sites (source)
Major security audit of critical FreeBSD components now available (source)

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Wordpress		49	36	408	104	29	577
Plugin		2	0	13	0	0	13

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.