MalCare’s Atomic Security Thwarts Attacks Exploiting Critical Yoast SEO XSS Vulnerability 



A serious reflected cross-site scripting (XSS) vulnerability has been discovered in the Yoast SEO plugin. An attacker can compromise a website by tricking a logged-in site administrator into clicking a crafted link; once that page loads, all it takes to trigger the attack is for the user to hover over the Yoast logo in the admin menu bar, a simple action that can lead to a serious security breach.

MalCare has consistently defended WordPress sites against many types of cyber threats, including zero-day vulnerabilities. So when attacks exploiting the Yoast SEO XSS vulnerability were observed, MalCare's Atomic Security firewall blocked them proactively, a reminder of how essential a firewall is to website security.

Given the simplicity with which the vulnerability could be exploited—and the immense popularity of Yoast—it is crucial to address the problem immediately. Hence, we advise all website owners, whether they use MalCare or not, to update the Yoast SEO plugin immediately.

What is the Yoast SEO plugin vulnerability?

Plugin information

  • Vulnerable plugin version: v22.5 and earlier
  • Patch release version: v22.6 and newer

Yoast SEO is the most popular search engine optimization plugin in the WordPress ecosystem, with over 10 million active installations. It provides a wide range of features to improve both the content and the technical SEO of a site, such as SEO analysis, content insights and XML sitemap generation.

About the vulnerability

The Yoast SEO plugin for WordPress has a Reflected Cross-Site Scripting (XSS) vulnerability in all versions up to and including 22.5. This issue occurs because the plugin does not adequately sanitize input and escape output in URLs. Consequently, this flaw allows unauthenticated attackers to inject arbitrary web scripts into pages. These scripts can then execute if the attacker deceives a user into actions such as clicking a misleading link.

The Yoast SEO plugin uses the add_premium_link() function within the WPSEO_Admin_Bar_Menu class to insert a premium promotion link into the WordPress admin bar.

Upon inspection of the code, it was seen that there is no escaping implemented at the build_shortlink() function of the WPSEO_Shortlinker class, which is responsible for returning the link’s value.

This function subsequently calls the build() function from the Short_Link_Helper class.

Here, the build() function appends various values to $url, collected via the collect_additional_shortlink_data() function.

Notably, the screen value is taken straight from the page GET parameter. This allows an attacker to inject a malicious payload through the page parameter, which is executed when a user hovers over the Yoast logo in the admin menu bar.
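To make the pattern concrete, here is an added illustrative example in PHP. It is not code from Yoast SEO or MalCare, and the function names (build_promo_url_vulnerable, render_link_hardened and so on) are hypothetical. It shows the general shape of the bug described above, a GET parameter concatenated into a URL and written into an HTML attribute unescaped, next to a hardened version that sanitizes on input and escapes on output. The rendering step is simplified for the example; the stand-ins for WordPress helpers are only defined when the script runs outside WordPress.

```php
<?php
// Added illustrative example, not code from Yoast SEO or MalCare. It shows the
// general pattern behind the bug described above: a value read from the `page`
// GET parameter is concatenated into a URL and then written into an HTML
// attribute without sanitization or escaping. All function names are
// hypothetical. The stand-ins for WordPress helpers below are defined only
// when the script runs outside WordPress (e.g. `php example.php` on the CLI).

if (!function_exists('sanitize_key')) {
    // Minimal stand-in for WordPress sanitize_key(): lowercase a-z, 0-9, _ and - only.
    function sanitize_key(string $key): string {
        return preg_replace('/[^a-z0-9_\-]/', '', strtolower($key));
    }
}
if (!function_exists('esc_url')) {
    // Minimal stand-in for WordPress esc_url(): http(s) only, then HTML-escaped.
    function esc_url(string $url): string {
        $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
        if (!in_array($scheme, ['http', 'https'], true)) {
            return '';
        }
        return htmlspecialchars($url, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    }
}

// VULNERABLE: the raw `page` value becomes part of the link, and the link is
// dropped into href="" verbatim (simplified rendering for the example). A value
// containing a double quote closes the attribute and lets the attacker append
// an event handler such as onmouseover, which fires when the link is hovered.
function build_promo_url_vulnerable(array $get): string {
    $screen = isset($get['page']) ? (string) $get['page'] : '';
    return 'https://example.invalid/premium?utm_source=wp&screen=' . $screen;
}

function render_link_vulnerable(string $url): string {
    return '<a class="ab-item" href="' . $url . '">Get Premium</a>';
}

// HARDENED: sanitize on input (a WordPress screen slug is a key: [a-z0-9_-]),
// URL-encode when building the query string, and escape on output when the
// URL lands in an attribute. Inside WordPress, add_query_arg() and esc_url()
// are the usual tools for the last two steps.
function build_promo_url_hardened(array $get): string {
    $screen = isset($get['page']) ? sanitize_key((string) $get['page']) : '';
    return 'https://example.invalid/premium?utm_source=wp&screen=' . rawurlencode($screen);
}

function render_link_hardened(string $url): string {
    return '<a class="ab-item" href="' . esc_url($url) . '">Get Premium</a>';
}

// Constructed attacker-controlled `page` value (in production this is $_GET).
// The payload only calls alert() so the effect is visible and harmless.
$crafted_get = ['page' => 'wpseo_dashboard" onmouseover="alert(document.domain)'];

echo "vulnerable: ", render_link_vulnerable(build_promo_url_vulnerable($crafted_get)), PHP_EOL;
echo "hardened:   ", render_link_hardened(build_promo_url_hardened($crafted_get)), PHP_EOL;
```

Run it with the PHP CLI and compare the two lines: in the vulnerable output the href attribute is closed early by the injected quote and an onmouseover handler becomes a separate attribute, while in the hardened output the quotes, spaces and parentheses never reach the markup, because sanitize_key() strips them and esc_url() escapes whatever is left. The rule of thumb it demonstrates is sanitize early, escape late: filter the value to what it is allowed to be when you read it, and escape it for the exact context (URL query, HTML attribute) where you write it.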

The vulnerability has now been fixed with the release of Yoast SEO plugin v22.6 on April 30, 2024.

Who discovered this vulnerability?

The Yoast SEO XSS vulnerability was discovered by independent WordPress security researcher Bassem Essam, who reported it to Wordfence’s Bug Bounty Program. Consequently, Wordfence informed Team Yoast, the plugin developer, on April 26, 2024, following which a patch was released on April 30, 2024.

How is your WordPress site at risk?

Your WordPress site is exposed if it runs Yoast SEO plugin version 22.5 or earlier. Because an injected script runs in the victim's browser with that user's WordPress session, an XSS bug triggered against an administrator can be used for harmful things such as:

  • Injecting malicious scripts to launch phishing or clickjacking attacks, or redirect your visitors to unapproved websites.
  • Using compromised websites as staging points for larger attacks, which can get those sites blacklisted by search engines like Google.
  • Installing backdoors to re-infect websites that have been previously cleaned of malware.
  • Creating unauthorized admin accounts that give them complete control over the affected websites.
  • Accessing and stealing sensitive data like user credentials and personal information from databases.

These vulnerabilities can also harm your website’s reputation, reduce visitors’ trust, and cause significant drops in SEO rankings if not addressed quickly. Therefore, we strongly recommend you update your Yoast SEO plugin on your WordPress site to version 22.6 or later immediately.

How to protect your site?

To effectively safeguard your WordPress site from potential security risks such as the Yoast SEO XSS vulnerability, it’s essential to take proactive measures:

  • Start with a MalCare scan: Install MalCare to quickly eliminate any existing malware and strengthen your site’s defenses using its Atomic Security feature. Conducting this initial scan ensures your site is free from threats as you begin to fortify it.
  • Update plugins and themes: Regularly check and update your plugins and themes, since outdated versions often contain vulnerabilities that attackers can exploit. MalCare's dashboard can alert you to outdated components, helping you keep your software current and secure.
  • Update WordPress salts and security keys: This critical step will end all current sessions and log out users, significantly boosting your site’s security. MalCare streamlines this process as part of its thorough cleanup routine.
  • Check user roles and permissions: Periodically examine the roles and permissions given to your site’s users. If any irregularities are found, quickly adjust or remove privileges to help prevent unauthorized access.
  • Change login details: Immediately update your administrator password and ensure all user sessions are ended. Encourage other users to change their passwords as well and to select strong, new passwords for enhanced security.
  • Enhance login security: Implement two-factor authentication (2FA) and establish limits on login attempts. These steps provide an extra layer of security, making it more difficult for unauthorized access to occur.
  • Monitor your site continuously: With MalCare, continuous monitoring of your site for any suspicious activities is straightforward. It constantly scans for unusual activities and quickly notifies you of potential threats, ensuring you can react swiftly to secure your site.
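For the monitoring step, here is an added example in PHP of the kind of check you can run over your own web-server access logs. It is not MalCare's or Yoast's code; the log lines are constructed for the example, and the function names (find_xss_attempts, is_suspicious_page_value) are hypothetical. It looks for wp-admin requests whose page parameter contains markup or event-handler fragments, which is what an attempt against the vulnerability described in this post looks like in a log.

```php
<?php
// Added example (not MalCare's or Yoast's code): flag access-log requests to
// wp-admin whose `page` query parameter carries characters or tokens typical
// of a reflected XSS probe. Log lines are constructed; names are hypothetical.

// Decode the `page` parameter from a request path, or null if absent.
function extract_page_param(string $request_path): ?string {
    $query = parse_url($request_path, PHP_URL_QUERY);
    if (!is_string($query)) {
        return null;
    }
    parse_str($query, $params);          // also URL-decodes %22, %3C, ...
    return isset($params['page']) ? (string) $params['page'] : null;
}

// Legitimate WordPress admin page slugs are lowercase letters, digits,
// underscores and hyphens (what sanitize_key() accepts). Anything else in a
// wp-admin `page` value is worth a look; the listed tokens are the usual
// markup and event-handler fragments an XSS payload needs.
function is_suspicious_page_value(string $value): bool {
    if (preg_match('/^[a-z0-9_\-]*$/', $value)) {
        return false;
    }
    $tokens = ['<', '>', '"', "'", 'javascript:', 'onmouseover', 'onerror', 'onload', 'script'];
    $lower = strtolower($value);
    foreach ($tokens as $token) {
        if (strpos($lower, $token) !== false) {
            return true;
        }
    }
    return false;
}

// Parse Apache/Nginx "combined" log lines and return the suspicious requests.
// The HTTP status matters for triage: a 403 usually means something upstream
// (a firewall) blocked the request, a 200 means it reached WordPress.
function find_xss_attempts(array $log_lines): array {
    $hits = [];
    $re = '/^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})/';
    foreach ($log_lines as $line) {
        if (!preg_match($re, $line, $m)) {
            continue;                    // not a combined-format line
        }
        [, $ip, $time, $method, $path, $status] = $m;
        if (strpos($path, '/wp-admin/') !== 0) {
            continue;                    // only admin requests carry `page`
        }
        $page = extract_page_param($path);
        if ($page !== null && is_suspicious_page_value($page)) {
            $hits[] = [
                'ip'     => $ip,
                'time'   => $time,
                'method' => $method,
                'status' => (int) $status,
                'page'   => $page,
            ];
        }
    }
    return $hits;
}

// Constructed sample log: one normal admin request, one blocked probe (403)
// and one probe that reached the site (200).
$sample_log = [
    '203.0.113.5 - - [30/Apr/2024:10:00:01 +0000] "GET /wp-admin/admin.php?page=wpseo_dashboard HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [30/Apr/2024:10:00:02 +0000] "GET /wp-admin/admin.php?page=wpseo_dashboard%22%20onmouseover%3D%22alert(1) HTTP/1.1" 403 0 "-" "curl/8.0"',
    '198.51.100.7 - - [30/Apr/2024:10:00:03 +0000] "GET /wp-admin/admin.php?page=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 5200 "-" "curl/8.0"',
];

foreach (find_xss_attempts($sample_log) as $hit) {
    printf("%s %s %s status=%d page=%s\n",
        $hit['time'], $hit['ip'], $hit['method'], $hit['status'], $hit['page']);
}
```

Only the second and third lines are reported: the first is an ordinary visit to the Yoast dashboard and passes the slug check. Point find_xss_attempts() at your real access log (one entry per line) to see whether probes reached the site, and treat any 200 responses on a site that was still running 22.5 or earlier as a prompt to follow the cleanup and credential-rotation steps above.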

How does MalCare secure your site?

In addition to Atomic Security, MalCare enhances the protection of your WordPress site with a suite of crucial features:

  • Quick malware detection and cleanup: MalCare conducts daily scans to proactively search for malware across your site. If malware is detected, its powerful removal tool quickly eliminates the threat, helping to restore and maintain the health of your site.
  • Vulnerability notifications: MalCare keeps a vigilant watch over your plugins and themes for any signs of vulnerabilities. Upon detecting any issues, it promptly notifies you, allowing you to swiftly strengthen your site’s defenses.
  • Bot defense: Aware of the negative impact bots can have on site performance, MalCare implements strong measures to fend off these automated threats, ensuring your site runs efficiently.
  • Efficient backups: MalCare’s automated, offsite backup solution prepares you for any contingency. Should any issues surface, these backups facilitate a quick and effective restoration.

MalCare wraps your WordPress site in a continuous shield of protection, merging proactive measures with robust defenses to secure your online presence relentlessly.

