Lucene search

Sybre WaaijerPATCHSTACK:9B7221BF243BC3C05A382848166AF232

HistoryJul 10, 2019 - 12:00 a.m.

WordPress Yoast SEO plugin 1.2.0-11.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

2019-07-1000:00:00

Sybre Waaijer

patchstack.com

122

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

Authenticated Stored Cross-Site Scripting (XSS) vulnerability found by Sybre Waaijer in WordPress Yoast SEO plugin (versions 1.2.0-11.5).

Solution

           Update the WordPress Yoast SEO plugin to the latest available version (at least 11.6).

CPENameOperatorVersion
yoast seole11.5

CPE	Name	Operator	Version
	yoast seo	le	11.5

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

Related for PATCHSTACK:9B7221BF243BC3C05A382848166AF232