Yoast Announces Week of Horrors to a Close with New Patch

By HTMLGoodies Staff

With a popular plugin of over 6.8 million downloads, Yoast said there have been no public exploits since the exploit was exposed. The plugin monitors website traffic, providing site administrators with page view numbers and other trending data. Pynnonen explained in an advisory posted to the Full Disclosure mailing list that an attacker can store malicious JavaScript or HTML in the WordPress Administrator Dashboard and that code could be triggered by merely viewing the Yoast plugin settings panel. All of this can be accomplished without authentication. Read the full details here.

Make a Comment

Loading Comments...

  • Web Development Newsletter Signup

    Invalid email
    You have successfuly registered to our newsletter.

    By submitting your information, you agree that htmlgoodies.com may send you HTMLGOODIES offers via email, phone and text message, as well as email offers about other products and services that HTMLGOODIES believes may be of interest to you. HTMLGOODIES will process your information in accordance with the Quinstreet Privacy Policy.

Thanks for your registration, follow us on our social networks to keep up-to-date