WordPress SEO by Yoast – dxw advisories

No issues found

Last revised: September 9, 2014

Confidence: Medium
This plugin has been given a short, targeted code review.

We didn't find anything worrying in this plugin. It's probably safe. Read more about this recommendation.

This recommendation applies to version 1.5.6 of this plugin, but the most recent version is 23.9. These findings may no longer be correct.

This plugin stores a list of files to be deleted in an option, meaning anybody able to set the value of serialised options can delete arbitrary files. However WordPress doesn’t allow admins to modify serialised options so this shouldn’t be considered a vulnerability: modifying this data would either require direct access to the database or a SQL injection via another vulnerability.
No other issues found