SEO Geek NZ is a community of SEOs from around Aotearoa New Zealand. Here you can help Kiwis and get help from Kiwi professionals.


Short Pixel and Yoast SEO Plugins Security Issues (May 2023)
This week there were two plugins that had security vulnerabilities and both were reported to be medium.

ShortPixel Adaptive Images Plugin

The ShortPixel Adaptive Images plugin for WordPress has a security flaw in versions up to 3.7.1. This vulnerability is related to a missing security check on the 'shortpixel_ai_handle_page_action' ajax action. As a result, attackers who are not authorized can modify plugin settings by creating a fake request. They can do this by deceiving a site administrator into taking an action, such as clicking a link.


Yoast SEO Plugin

Among the Yoast SEO plugin extensions, the Premium extension v20.4 or lower had broken access control, and the Local extension had cross-site request forgery.

A patch was released for the Premium extension; however, there are no updates on the Local extension from Yoast.

Sources:
1. https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/shortpixel-adaptive-images/shortpixel-adaptive-images-371-cross-site-request-forgery-via-shortpixel-ai-handle-page-action
2. https://patchstack.com/database/vulnerability/wordpress-seo-premium/wordpress-yoast-seo-premium-plugin-20-4-unauthenticated-zapier-api-key-reset-vulnerability
3. https://patchstack.com/database/vulnerability/wpseo-local/wordpress-yoast-seo-local-plugin-14-8-cross-site-request-forgery-csrf-vulnerability

Last edited by Admin on Thu May 11, 2023 8:38 am; edited 2 times in total (Reason for editing : added ref links)
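
The flaw class described in the post above (an admin AJAX action that changes settings without a nonce check) can be illustrated with a before/after handler. This is an added example, not part of the original post and not code from ShortPixel or Yoast; the action names, option name, nonce string and the 'example-admin' script handle are all hypothetical.

```php
<?php
// Added illustration: hypothetical plugin code, not taken from ShortPixel or Yoast.
// Action names, the option name and the nonce string are invented for the example.

// BEFORE: changes a setting with no nonce and no capability check, so a forged
// request sent by a logged-in administrator's browser is accepted.
add_action( 'wp_ajax_example_save_mode_unsafe', 'example_save_mode_unsafe' );
function example_save_mode_unsafe() {
    $mode = isset( $_POST['mode'] ) ? sanitize_text_field( wp_unslash( $_POST['mode'] ) ) : '';
    update_option( 'example_plugin_mode', $mode );
    wp_send_json_success();
}

// AFTER: the same action with the missing checks added.
add_action( 'wp_ajax_example_save_mode', 'example_save_mode' );
function example_save_mode() {
    // 1. CSRF: the request must carry a nonce issued to this user's session.
    //    Third argument false = return the result instead of dying, so we pick the response.
    if ( ! check_ajax_referer( 'example_save_mode', 'nonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid or missing nonce' ), 403 );
    }
    // 2. Authorization: a nonce is not a permission check.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions' ), 403 );
    }
    // 3. Only accept known values.
    $mode = isset( $_POST['mode'] ) ? sanitize_text_field( wp_unslash( $_POST['mode'] ) ) : '';
    if ( ! in_array( $mode, array( 'off', 'lossy', 'lossless' ), true ) ) {
        wp_send_json_error( array( 'message' => 'Unknown mode' ), 400 );
    }
    update_option( 'example_plugin_mode', $mode );
    wp_send_json_success( array( 'mode' => $mode ) );
}

// Hand the nonce to the settings page's script ('example-admin' is an assumed,
// already-enqueued script handle) so legitimate requests can include it.
add_action( 'admin_enqueue_scripts', 'example_expose_nonce', 20 );
function example_expose_nonce() {
    wp_localize_script( 'example-admin', 'exampleAjax', array(
        'url'   => admin_url( 'admin-ajax.php' ),
        'nonce' => wp_create_nonce( 'example_save_mode' ),
    ) );
}
```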

Re: Short Pixel and Yoast SEO Plugins Security Issues (May 2023)
These plugins are usually patched as soon as the vulnerabilities are found. I wouldn't be too concerned and keep the plugins updated at all times.