Unrated severity · NVD Advisory · Published Mar 17, 2015 · Updated May 6, 2026
CVE-2015-2293
Description
Multiple cross-site request forgery (CSRF) vulnerabilities in admin/class-bulk-editor-list-table.php in the WordPress SEO by Yoast plugin before 1.5.7, 1.6.x before 1.6.4, and 1.7.x before 1.7.4 for WordPress allow remote attackers to hijack the authentication of certain users for requests that conduct SQL injection attacks via the (1) order_by or (2) order parameter in the wpseo_bulk-editor page.
Affected products
- cpe:2.3:a:yoast:wordpress_seo:*:*:*:*:*:wordpress:*:* (range: <=1.5.6)
- cpe:2.3:a:yoast:wordpress_seo:1.6.0:*:*:*:*:wordpress:*:*
- cpe:2.3:a:yoast:wordpress_seo:1.6.1:*:*:*:*:wordpress:*:*
- cpe:2.3:a:yoast:wordpress_seo:1.6.2:*:*:*:*:wordpress:*:*
- cpe:2.3:a:yoast:wordpress_seo:1.6.3:*:*:*:*:wordpress:*:*
- cpe:2.3:a:yoast:wordpress_seo:1.7.1:*:*:*:*:wordpress:*:*
- cpe:2.3:a:yoast:wordpress_seo:1.7.2:*:*:*:*:wordpress:*:*
- cpe:2.3:a:yoast:wordpress_seo:1.7.3:*:*:*:*:wordpress:*:*
- cpe:2.3:a:yoast:wordpress_seo:1.7.3.1:*:*:*:*:wordpress:*:*
- cpe:2.3:a:yoast:wordpress_seo:1.7.3.2:*:*:*:*:wordpress:*:*
- cpe:2.3:a:yoast:wordpress_seo:1.7.3.3:*:*:*:*:wordpress:*:*
References
- packetstormsecurity.com/files/130811/WordPress-SEO-By-Yoast-1.7.3.3-SQL-Injection.html (nvd, Exploit)
- seclists.org/fulldisclosure/2015/Mar/73 (nvd, Exploit)
- www.securitytracker.com/id/1031920 (nvd, Exploit)
- yoast.com/wordpress-seo-security-release/ (nvd, Vendor Advisory)
- wordpress.org/plugins/wordpress-seo/changelog/ (nvd)
- wpvulndb.com/vulnerabilities/7841 (nvd)