This is a very timely post/announcement. You should pay attention if you are using one of my favorite plugins, “WordPress SEO by Yoast.”
First of all, if you are not familiar with this plugin, you need to check it out! This plugin does A LOT of things: it helps you write better content, provides a page analysis, and gives you technical WordPress Search Engine Optimization, XML Sitemaps, RSS Optimization, and Breadcrumbs. You can also edit your .htaccess and robots.txt files, and so much more!
Another great aspect of this plugin is that it is free! It will not cost you a penny! There is a premium/paid version if you want to get an upgrade, and there have been 1+ million active installs of the free version!
As announced on the https://yoast.com/ website:
This morning we released an update to our WordPress SEO plugin (both free and premium) that fixes a security issue. A bit more details follow below, but the short version of this post is simple: update. Now. Although you might find your WordPress install has already updated for you.
What did we fix?
We fixed a CSRF issue that allowed blind SQL injection. The one sentence explanation for the not so technical: by having a logged-in author, editor or admin visit a malformed URL a malicious hacker could change your database. While this does not allow mass hacking of installs using this hole, it does allow direct targeting of a user on a website. This is a serious issue, which is why we immediately set to work to fix it when we were notified of the issue.
The good news is that the fix is already out: if you are using the plugin, update it!
This is a great example of reacting to a situation! As soon as the vulnerability was discovered, an update was released the same day! Thanks, Joost and your team at Yoast, for taking swift action!