197 matches found
CVE-2025-14481
The Yoast SEO plugin for WordPress is vulnerable to Insecure Direct Object References in all versions up to, and including, 26.5. This is due to insufficient authorization checks in the Meta Search REST API endpoint that fail to verify post ownership. This makes it possible for authenticated...
CVE-2025-14481
The Yoast SEO plugin for WordPress is vulnerable to Insecure Direct Object References in all versions up to, and including, 26.5. This is due to insufficient authorization checks in the Meta Search REST API endpoint that fail to verify post ownership. This makes it possible for authenticated...
EUVD-2025-209950
The Yoast SEO plugin for WordPress is vulnerable to Insecure Direct Object References in all versions up to, and including, 26.5. This is due to insufficient authorization checks in the Meta Search REST API endpoint that fail to verify post ownership. This makes it possible for authenticated...
CVE-2025-14481
The Yoast SEO plugin for WordPress is vulnerable to Insecure Direct Object References in all versions up to, and including, 26.5. This is due to insufficient authorization checks in the Meta Search REST API endpoint that fail to verify post ownership. This makes it possible for authenticated...
CVE-2025-14481 Yoast SEO <= 26.5 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Exposure via 'post_id' Parameter
The Yoast SEO plugin for WordPress is vulnerable to Insecure Direct Object References in all versions up to, and including, 26.5. This is due to insufficient authorization checks in the Meta Search REST API endpoint that fail to verify post ownership. This makes it possible for authenticated...
WordPress plugin Yoast SEO 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
WordPress Yoast SEO – Advanced SEO with real-time guidance and built-in AI plugin <= 26.5 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Exposure vulnerability
Insecure Direct Object Reference to Authenticated Contributor+ Sensitive Information Exposure vulnerability discovered by NumeX in WordPress Plugin Yoast SEO versions = 26.5...
WordPress Yoast SEO plugin <= 27.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'jsonText' Block Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'jsonText' Block Attribute vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin Yoast SEO versions = 27.1.1...
EUVD-2026-14273
The Yoast SEO – Advanced SEO with real-time guidance and built-in AI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the jsonText block attribute in all versions up to, and including, 27.1.1 due to insufficient input sanitization and output escaping. This makes it possib...
CVE-2026-3427
The Yoast SEO – Advanced SEO with real-time guidance and built-in AI plugin for WordPress is affected by CVE-2026-3427: Stored Cross-Site Scripting via the jsonText block attribute in all versions up to 27.1.1. The vulnerability stems from insufficient input sanitization and output escaping. With...
CVE-2026-3427
The Yoast SEO – Advanced SEO with real-time guidance and built-in AI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the jsonText block attribute in all versions up to, and including, 27.1.1 due to insufficient input sanitization and output escaping. This makes it possib...
CVE-2026-3427 Yoast SEO <= 27.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'jsonText' Block Attribute
The Yoast SEO – Advanced SEO with real-time guidance and built-in AI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the jsonText block attribute in all versions up to, and including, 27.1.1 due to insufficient input sanitization and output escaping. This makes it possib...
CVE-2026-3427 Yoast SEO <= 27.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'jsonText' Block Attribute
The Yoast SEO – Advanced SEO with real-time guidance and built-in AI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the jsonText block attribute in all versions up to, and including, 27.1.1 due to insufficient input sanitization and output escaping. This makes it possib...
PT-2026-26964
The Yoast SEO – Advanced SEO with real-time guidance and built-in AI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the jsonText block attribute in all versions up to, and including, 27.1.1 due to insufficient input sanitization and output escaping. This makes it possib...
WordPress plugin Yoast SEO 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
📄 Yoast SEO 22.5 Cross Site Scripting
These are details relating a cross site scripting vulnerability in Yoast SEO versions 22.5 and below that was originally discovered in 2024. CVE-2024-4041 Yoast SEO /?page=%22%20onmouseover%3D%22alertdocument.domain%22%20x%3D%22 3. In the admin bar, open the Yoast menu and hover/click Get Yoast S...
Exploit for CVE-2024-4041
CVE-2024-4041 Yoast SEO /?page=%22%20onmouseover%3D%...
CVE-2026-1293
The Yoast SEO – Advanced SEO with real-time guidance and built-in AI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the yoast-schema block attribute in all versions up to, and including, 26.8 due to insufficient input sanitization and output escaping. This makes it...
CVE-2026-1293 Yoast SEO <= 26.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'yoast-schema' Block Attribute
The Yoast SEO – Advanced SEO with real-time guidance and built-in AI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the yoast-schema block attribute in all versions up to, and including, 26.8 due to insufficient input sanitization and output escaping. This makes it...
CVE-2026-1293
CVE-2026-1293 affects the WordPress Yoast SEO plugin (versions prior to 26.9, i.e., up to 26.8) with a Stored Cross‑Site Scripting vulnerability in the yoast-schema block attribute. The root cause is insufficient input sanitization and output escaping, enabling authenticated attackers with Contri...