CVE-2015-2292

Name of the Vulnerable Software and Affected Versions WordPress SEO by Yoast plugin versions 1.5.7 and earlier, 1.6.x before 1.6.4, 1.7.x before 1.7.4

Description The issue allows remote authenticated users to execute arbitrary SQL commands via the order by or order parameter in the "wpseo bulk-editor" page to "wp-admin/admin.php". This can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands.

Recommendations For WordPress SEO by Yoast plugin version 1.5.7 and earlier, update to version 1.5.7 or later. For WordPress SEO by Yoast plugin version 1.6.x before 1.6.4, update to version 1.6.4 or later. For WordPress SEO by Yoast plugin version 1.7.x before 1.7.4, update to version 1.7.4 or later.