WordPress Yoast SEO plugin <= 27.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'jsonText' Block Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'jsonText' Block Attribute vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin Yoast SEO versions = 27.1.1...

CVE-2026-3427

The Yoast SEO – Advanced SEO with real-time guidance and built-in AI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the jsonText block attribute in all versions up to, and including, 27.1.1 due to insufficient input sanitization and output escaping. This makes it possib...

CVE-2026-3427 Yoast SEO <= 27.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'jsonText' Block Attribute

The Yoast SEO – Advanced SEO with real-time guidance and built-in AI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the jsonText block attribute in all versions up to, and including, 27.1.1 due to insufficient input sanitization and output escaping. This makes it possib...

CVE-2026-3427

The Yoast SEO – Advanced SEO with real-time guidance and built-in AI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the jsonText block attribute in all versions up to, and including, 27.1.1 due to insufficient input sanitization and output escaping. This makes it possib...

CVE-2026-3427 Yoast SEO <= 27.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'jsonText' Block Attribute

The Yoast SEO – Advanced SEO with real-time guidance and built-in AI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the jsonText block attribute in all versions up to, and including, 27.1.1 due to insufficient input sanitization and output escaping. This makes it possib...

CVE-2026-3427

The Yoast SEO – Advanced SEO with real-time guidance and built-in AI plugin for WordPress is affected by CVE-2026-3427: Stored Cross-Site Scripting via the jsonText block attribute in all versions up to 27.1.1. The vulnerability stems from insufficient input sanitization and output escaping. With...

WordPress plugin Yoast SEO 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-26964

The Yoast SEO – Advanced SEO with real-time guidance and built-in AI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the jsonText block attribute in all versions up to, and including, 27.1.1 due to insufficient input sanitization and output escaping. This makes it possib...