Plugin inspection:

Yoast SEO

Use with caution

Last revised:

Confidence: Medium
This plugin has been given a short, targeted code review.

Before using this plugin, you should carefully consider these findings. Read more about this recommendation.

Warnings

This recommendation applies to version 7.2 of this plugin, but the most recent version is 22.5. These findings may no longer be correct.

Findings

  • At over 31,000 lines of PHP, this is a very large plugin and a light-touch inspection such as this cannot be expected to find all potential issues
  • Uses unserialize() and maybe_unserialize() in several places, and also contains classes with magic methods (e.g. __toString()) of the kind that can serve as gadgets in PHP object injection
  • Uses addcslashes() to escape string values in SQL

Reason for the 'Use with caution' result

The plugin contains or is likely to contain a vulnerability which could be exploited by a privileged user to affect the site’s confidentiality, integrity or availability in a manner exceeding their privileges:

  • Uses addcslashes() to escape string values in SQL
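To make the addcslashes() finding concrete, here is an added illustration (not code from Yoast SEO) of the pattern the finding describes next to the WordPress-native alternative, $wpdb->prepare(); the table name, column and sample value are hypothetical, and the hardened function assumes a WordPress runtime where the wpdb class exists.

```php
<?php
// Added illustration, not code from the Yoast SEO plugin.
// Contrasts the addcslashes() pattern named in the findings with
// $wpdb->prepare(), WordPress's parameterised query API.
// Table and column names below are hypothetical.

// Pattern the finding describes: escape only the single quote and
// interpolate the result into SQL. addcslashes() knows nothing about
// MySQL's escaping rules (backslashes, NUL bytes, multibyte charsets),
// so a quote it "escaped" can still end up terminating the literal.
function build_query_with_addcslashes( string $value ): string {
    $escaped = addcslashes( $value, "'" );
    return "SELECT * FROM wp_hypothetical WHERE slug = '$escaped'";
}

// Hardened form: $wpdb->prepare() applies MySQL-aware escaping and
// quoting for %s placeholders, so the value cannot alter the statement.
function build_query_with_prepare( wpdb $wpdb, string $value ): string {
    return $wpdb->prepare(
        "SELECT * FROM {$wpdb->prefix}hypothetical WHERE slug = %s",
        $value
    );
}

// Reviewer's check: a constructed value ending in a backslash followed
// by a quote. addcslashes() escapes the quote but not the backslash, and
// MySQL reads the resulting "\\'" as an escaped backslash followed by an
// unescaped quote, which is exactly why this is not proper SQL escaping.
function addcslashes_leaves_quote_unescaped(): bool {
    $sample  = "foo\\'";                     // constructed: foo\'
    $escaped = addcslashes( $sample, "'" );  // becomes foo\\'
    return substr( $escaped, -3 ) === "\\\\'";
}

if ( addcslashes_leaves_quote_unescaped() ) {
    echo "addcslashes() did not neutralise the trailing quote\n";
}
```

Running the check under plain PHP is enough to see the problem; the prepare() variant is what a reviewer would expect in its place.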

Failure criteria

  • Lack of proper output escaping
  • Very large codebase

Read more about our failure criteria.