Early morning when my mobile was flashing for the notification, I just opened my email. When I went through the email and my eyes were stopped at the email from Wordfence. The email was something like Yoast SEO vulnerability in version 3.2.4. I went through the email. I got to jump from email to Wordfence blog and went on reading the complete blog post. You can also read the entire blog post on the Wordfence site.
After reading the blog post about Yoast SEO vulnerability, I thought it was not that high-risk vulnerability. But anything that comes to the security, it can not be taken lightly. As described by Wordfence Yoast SEO had below vulnerability.
above are the ajax action created by Yoast SEO plugin which draws the information from the site. Using the above ajax action anyone can get the sensitive data from the site. Getting sensitive information from a site is a normal process but should be limited to the administrative privilege only.
Do you need to be worried anymore ?
The simple answer to the above question is no. If you have no user registration in your site and you are using Yoast SEO version 3.2.4. It can not do the serious damage. Although it is always handy to use the latest version of all plugins. If you are using user registration on your site, go get an update for Yoast SEO 3.2.5, who knows hackers might be eying your sensual information. They can just register as a subscriber and pull out the necessary details to play with your content.
Just sit back and relax. Since Yoast SEO vulnerability is rectified in an updated version 3.2.5, you just need an update for the plugin and can enjoy the seamless usage of SEO. If you are already a premium member you have been protected from all kind of threat.