5 matches found
CVE-2026-1293
The Yoast SEO – Advanced SEO with real-time guidance and built-in AI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the yoast-schema block attribute in all versions up to, and including, 26.8 due to insufficient input sanitization and output escaping. This makes it...
CVE-2026-1293 Yoast SEO <= 26.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'yoast-schema' Block Attribute
The Yoast SEO – Advanced SEO with real-time guidance and built-in AI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the yoast-schema block attribute in all versions up to, and including, 26.8 due to insufficient input sanitization and output escaping. This makes it...
CVE-2026-1293
CVE-2026-1293 affects the WordPress Yoast SEO plugin (versions prior to 26.9, i.e., up to 26.8) with a Stored Cross‑Site Scripting vulnerability in the yoast-schema block attribute. The root cause is insufficient input sanitization and output escaping, enabling authenticated attackers with Contri...
EUVD-2026-5687
The Yoast SEO – Advanced SEO with real-time guidance and built-in AI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the yoast-schema block attribute in all versions up to, and including, 26.8 due to insufficient input sanitization and output escaping. This makes it...
PT-2026-6718
Name of the Vulnerable Software and Affected Versions Yoast SEO versions prior to 26.9 Description The Yoast SEO plugin for WordPress is affected by a Stored Cross-Site Scripting issue. Insufficient input sanitization and output escaping in the yoast-schema block attribute allows authenticated...