PT-2015-5699 · Yoast · Wordpress Seo By Yoast

Ryan Dewhurst · Published 2015-03-17 · Updated 2015-03-18 · CVE-2015-2293

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

WordPress SEO by Yoast plugin versions prior to 1.5.7
WordPress SEO by Yoast plugin versions 1.6.x prior to 1.6.4
WordPress SEO by Yoast plugin versions 1.7.x prior to 1.7.4

Description

The WordPress SEO by Yoast plugin contains multiple cross-site request forgery (CSRF) vulnerabilities. They allow remote attackers to hijack the authentication of certain users for requests that conduct SQL injection attacks. The affected inputs are the order_by and order parameters of the wpseo_bulk-editor page.

Recommendations

For WordPress SEO by Yoast plugin versions prior to 1.5.7, update to version 1.5.7 or later.
For WordPress SEO by Yoast plugin versions 1.6.x prior to 1.6.4, update to version 1.6.4 or later.
For WordPress SEO by Yoast plugin versions 1.7.x prior to 1.7.4, update to version 1.7.4 or later.
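
The two controls that close this class of bug, as an added example (not the plugin's code or its actual patch): a per-session request token is checked before anything else, and the two sort parameters named in the description are mapped through an allowlist so request text never reaches the ORDER BY clause. The column names, the `_token` field, the action string, the secret and the exact spelling of the parameter keys are assumptions made for the illustration; in WordPress itself the token check would be a nonce verified with `check_admin_referer()`.

```php
<?php
// Added illustration; column names, action string and secret are assumptions.
const SORT_COLUMNS = ['post_title' => 'post_title', 'post_date' => 'post_date']; // hypothetical

// Per-session, per-action token; stands in for a WordPress nonce.
function csrf_token(string $secret, string $sessionId, string $action): string
{
    return hash_hmac('sha256', $sessionId . '|' . $action, $secret);
}

// Build ORDER BY only from fixed fragments; request text never reaches the SQL.
function order_clause(array $query): string
{
    $by  = is_string($query['order_by'] ?? null) ? $query['order_by'] : '';
    $dir = is_string($query['order'] ?? null) ? strtoupper($query['order']) : '';
    $column    = SORT_COLUMNS[$by] ?? 'post_title';   // unknown value: default column
    $direction = ($dir === 'DESC') ? 'DESC' : 'ASC';  // only two legal values
    return "ORDER BY {$column} {$direction}";
}

// Reject the request before any SQL is built if the token is absent or wrong.
function handle_sort_request(array $query, string $secret, string $sessionId): string
{
    $token    = is_string($query['_token'] ?? null) ? $query['_token'] : '';
    $expected = csrf_token($secret, $sessionId, 'bulk-editor-sort');
    if (!hash_equals($expected, $token)) {
        return 'rejected: missing or invalid request token';
    }
    return order_clause($query);
}

// Constructed sample requests (not captured traffic).
$secret = 'constructed-demo-secret';
$sid    = 'constructed-session-id';
$token  = csrf_token($secret, $sid, 'bulk-editor-sort');

$samples = [
    'same-site, valid token' => ['order_by' => 'post_date', 'order' => 'desc', '_token' => $token],
    'cross-site, no token'   => ['order_by' => 'post_date', 'order' => 'desc'],
    'unexpected sort values' => ['order_by' => 'not_a_column', 'order' => 'sideways', '_token' => $token],
];

foreach ($samples as $label => $query) {
    echo $label, ': ', handle_sort_request($query, $secret, $sid), PHP_EOL;
}
```

Either control alone leaves a gap: the token stops the forged request but not an injection sent by a logged-in user, and the allowlist stops the injection but not other forged state changes.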

Exploit

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2015-2293

Affected Products

Wordpress Seo By Yoast