Yoast SEO Premium Updates to Patch Critical Security Flaw

Palumbo Angela · 1 min read


AMSTERDAM — Yoast SEO Premium released version 27.6.1 on Tuesday. The release includes a critical security patch for a vulnerability in its Redirect Manager component, and users are urged to update immediately.

The vulnerability could allow authenticated users with specific permissions to inject malicious configurations into a website’s .htaccess file, potentially leading to site crashes or remote code execution, according to a statement from Yoast.

The security flaw specifically impacts users running Apache servers who have manually configured .htaccess redirect methods and are utilizing Yoast SEO Premium, Yoast WooCommerce SEO, or Yoast SEO AI+ plugins.

Yoast stated that the patch introduces enhanced input sanitization, removes an unused and vulnerable endpoint, and incorporates an in-plugin warning system to alert users.

The company emphasized that while the risk is specific to certain server configurations and user permissions, all users should update to version 27.6.1 as a precautionary measure.

Yoast reported it had found no evidence of exploitation in sampled sites, suggesting the vulnerability has not been actively abused.

The update is considered essential for maintaining site integrity and preventing potential compromise for those meeting the identified risk conditions.


Angela Palumbo, Senior Editor at Rabbit Rank since 2023, holds a bachelor's in communications. She focuses on fact-checking and simplifying complex topics while also leading strategy for the news department.
