20 matches found
EUVD-2026-37579
Missing Authorization vulnerability in Yoast BV Yoast SEO Premium allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Yoast SEO Premium: from n/a through 26.6...
CVE-2026-40722
Missing Authorization vulnerability in Yoast BV Yoast SEO Premium allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Yoast SEO Premium: from n/a through 26.6...
CVE-2026-40722
CVE-2026-40722 : Missing Authorization vulnerability in Yoast SEO Premium for WordPress (plugin
CVE-2026-40722 WordPress Yoast SEO Premium plugin <= 26.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in Yoast BV Yoast SEO Premium allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Yoast SEO Premium: from n/a through 26.6...
Exploit for CVE-2024-4041
CVE-2024-4041 Yoast SEO /?page=%22%20onmouseover%3D%...
CVE-2025-11241
The Yoast SEO Premium plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions 25.7 to 25.9 due to a flawed regex used to remove an attribute in post content, which can be abused to inject arbitrary HTML attributes, including JavaScript event handlers. This vulnerability allo...
EUVD-2025-32218
Malicious code in bioql PyPI...
EUVD-2023-32410
Malicious code in bioql PyPI...
CVE-2025-11241
The Yoast SEO Premium plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions 25.7 to 25.9 due to a flawed regex used to remove an attribute in post content, which can be abused to inject arbitrary HTML attributes, including JavaScript event handlers. This vulnerability allo...
CVE-2025-11241
The CVE CVE-2025-11241 (Yoast SEO Premium for WordPress) is a stored XSS vulnerability affecting plugin versions 25.7–25.9. It stems from a flawed regex used to strip an attribute in post content, enabling an attacker with Contributor or higher rights to inject arbitrary HTML attributes, includin...
CVE-2025-11241 Yoast SEO Premium 25.7-25.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Yoast SEO Premium plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions 25.7 to 25.9 due to a flawed regex used to remove an attribute in post content, which can be abused to inject arbitrary HTML attributes, including JavaScript event handlers. This vulnerability allo...
CVE-2025-11241 Yoast SEO Premium 25.7-25.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Yoast SEO Premium plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions 25.7 to 25.9 due to a flawed regex used to remove an attribute in post content, which can be abused to inject arbitrary HTML attributes, including JavaScript event handlers. This vulnerability allo...
WordPress Yoast SEO Premium plugin 25.7-25.9 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by stealthcopter in WordPress Plugin Yoast SEO Premium versions 25.7-25.9...
WordPress plugin Yoast SEO Premium 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...
CVE-2023-28775
Missing Authorization vulnerability in Yoast Yoast SEO Premium.This issue affects Yoast SEO Premium: from n/a through 20.4...
CVE-2023-28775
CVE-2023-28775 affects Yoast SEO Premium (WordPress plugin) up to version 20.4. The issue is Missing Authorization / Broken Access Control allowing unauthenticated actions (Zapier API key reset). Patch 20.5 fixes it. Recommend upgrading to Yoast SEO Premium 20.5 or later and validating API key co...
CVE-2023-28775 WordPress Yoast SEO Premium plugin <= 20.4 - Unauthenticated Zapier API Key Reset vulnerability
Missing Authorization vulnerability in Yoast Yoast SEO Premium.This issue affects Yoast SEO Premium: from n/a through 20.4...
CVE-2023-28775 WordPress Yoast SEO Premium plugin <= 20.4 - Unauthenticated Zapier API Key Reset vulnerability
Missing Authorization vulnerability in Yoast Yoast SEO Premium.This issue affects Yoast SEO Premium: from n/a through 20.4...
WordPress plugin Yoast SEO Premium security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
WordPress Yoast SEO Premium Plugin <= 20.4 is vulnerable to Broken Access Control
Software Yoast SEO Premium Type Plugin Vulnerable versions = 20.4 Fixed in 20.5 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-28775 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 5c54141d1cb7 Credits Rafie Muhammad Patchstack...