Security flaw in WordPress plugin Google Analytics by Yoast exposed
This could allow for arbitrary server-side code execution through the plugin or WordPress theme editors. In addition, Pynnonen says an attacker could change admin passwords, create their own accounts or take over a website through the security flaw.
Downloaded almost seven million times, Google Analytics by Yoast is a popular plugin which integrates Google’s Analytics services into a WordPress site, and also adds additional functions including error page tracking, outbound click rates and downloads. Yoast is available in free and premium versions.
Yoast was notified on March 18, and the company responded by rapidly deploying a new version of the plugin, 5.3.3, the next day. If you use the plugin and have not visited your website to grab this update, it is recommended you do so now.