Skip to main content

Yoast Seo

8 CVEs product

Monthly

CVE-2023-40680 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Team Yoast Yoast SEO allows Stored XSS.0. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Yoast Seo
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2023-32300 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Yoast Seo
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-28785 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Yoast Seo
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2021-36788 PHP MEDIUM PATCH This Month

The yoast_seo (aka Yoast SEO) extension before 7.2.3 for TYPO3 allows XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Yoast Seo
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-31779 PHP MEDIUM PATCH This Month

The yoast_seo (aka Yoast SEO) extension before 7.2.1 for TYPO3 allows SSRF via a backend user account. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Yoast Seo
NVD
CVSS 3.1
6.4
EPSS
0.5%
CVE-2021-24153 MEDIUM POC This Month

A Stored Cross-Site Scripting vulnerability was discovered in the Yoast SEO WordPress plugin before 3.4.1, which had built-in blacklist filters which were blacklisting Parenthesis as well as several. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Yoast Seo
NVD WPScan
CVSS 3.1
5.4
EPSS
1.1%
CVE-2019-13478 CRITICAL Act Now

The Yoast SEO plugin before 11.6-RC5 for WordPress does not properly restrict unfiltered HTML in term descriptions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Yoast Seo
NVD GitHub
CVSS 3.1
9.8
EPSS
3.3%
CVE-2018-19370 MEDIUM POC This Month

A Race condition vulnerability in unzip_file in admin/import/class-import-settings.php in the Yoast SEO (wordpress-seo) plugin before 9.2.0 for WordPress allows an SEO Manager to perform command. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Race Condition WordPress Information Disclosure PHP Yoast Seo
NVD GitHub
CVSS 3.0
6.6
EPSS
3.2%
EPSS 0% CVSS 5.9
MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Team Yoast Yoast SEO allows Stored XSS.0. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Yoast Seo
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Yoast Seo
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Yoast Seo
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

The yoast_seo (aka Yoast SEO) extension before 7.2.3 for TYPO3 allows XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Yoast Seo
NVD
EPSS 0% CVSS 6.4
MEDIUM PATCH This Month

The yoast_seo (aka Yoast SEO) extension before 7.2.1 for TYPO3 allows SSRF via a backend user account. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Yoast Seo
NVD
EPSS 1% CVSS 5.4
MEDIUM POC This Month

A Stored Cross-Site Scripting vulnerability was discovered in the Yoast SEO WordPress plugin before 3.4.1, which had built-in blacklist filters which were blacklisting Parenthesis as well as several. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Yoast Seo
NVD WPScan
EPSS 3% CVSS 9.8
CRITICAL Act Now

The Yoast SEO plugin before 11.6-RC5 for WordPress does not properly restrict unfiltered HTML in term descriptions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Yoast Seo
NVD GitHub
EPSS 3% CVSS 6.6
MEDIUM POC This Month

A Race condition vulnerability in unzip_file in admin/import/class-import-settings.php in the Yoast SEO (wordpress-seo) plugin before 9.2.0 for WordPress allows an SEO Manager to perform command. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Race Condition WordPress Information Disclosure +2
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy