Plugin inspection:

WordPress SEO by Yoast

No issues found

Last revised:

Confidence: Medium
This plugin has been given a short, targeted code review.

We didn't find anything worrying in this plugin. It's probably safe. Read more about this recommendation.

Warnings

This recommendation applies to version 1.5.6 of this plugin, but the most recent version is 15.3. These findings may no longer be correct.

Findings

  • This plugin stores a list of files to be deleted in an option, meaning anybody able to set the value of serialised options can delete arbitrary files. However WordPress doesn’t allow admins to modify serialised options so this shouldn’t be considered a vulnerability: modifying this data would either require direct access to the database or a SQL injection via another vulnerability.
  • No other issues found