CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2026/05/27 4:28 a.m.•5 views

EUVD-2025-209950

CVE•added 2026/05/27 4:28 a.m.•12 views

CVE-2025-14481

The CVE concerns the WordPress Yoast SEO plugin (versions up to and including 26.5). The root cause is insufficient authorization checks in the Meta Search REST API endpoint, which fails to verify post ownership. This allows authenticated attackers with Contributor-level access or higher to read ...

Vulnrichment•added 2026/05/27 4:28 a.m.•3 views

CVE-2025-14481 Yoast SEO <= 26.5 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Exposure via 'post_id' Parameter

Cvelist•added 2026/05/27 4:28 a.m.•25 views

CVE-2025-14481 Yoast SEO <= 26.5 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Exposure via 'post_id' Parameter

4.3CVSS0.00032EPSS

ATTACKERKB•added 2026/05/27 4:28 a.m.•3 views

CVE-2025-14481

Positive Technologies•added 2026/05/27 12:0 a.m.•5 views

PT-2026-43491

CNNVD•added 2026/05/27 12:0 a.m.•3 views

WordPress plugin Yoast SEO 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

4.3CVSS5.9AI score0.00032EPSS

Patchstack•added 2026/05/26 3:59 p.m.•5 views

WordPress Yoast SEO – Advanced SEO with real-time guidance and built-in AI plugin <= 26.5 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Exposure vulnerability

Insecure Direct Object Reference to Authenticated Contributor+ Sensitive Information Exposure vulnerability discovered by NumeX in WordPress Plugin Yoast SEO versions = 26.5...

4.3CVSS5.8AI score0.00032EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2026/03/26 3:12 p.m.•0 views

CVE-2026-3427

The Yoast SEO – Advanced SEO with real-time guidance and built-in AI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the jsonText block attribute in all versions up to, and including, 27.1.1 due to insufficient input sanitization and output escaping. This makes it possib...

RedhatCVE•added 2026/03/26 3:10 p.m.•1 views

Exploits0References1

CVE-2026-1217

The Yoast Duplicate Post plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clonebulkactionhandler and republishrequest functions in all versions up to, and including, 4.5. This makes it possible for authenticated attackers, with...

5.4CVSS5.8AI score0.00037EPSS

Exploits0References1

Patchstack•added 2026/03/23 8:10 p.m.•1 views

WordPress Yoast SEO plugin <= 27.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'jsonText' Block Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'jsonText' Block Attribute vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin Yoast SEO versions = 27.1.1...

6.4CVSS5.8AI score0.00048EPSS

Exploits0References1Affected Software1

EUVD•added 2026/03/22 6:30 a.m.•1 views

EUVD-2026-14273

NVD•added 2026/03/22 4:16 a.m.•1 views

CVE-2026-3427

6.4CVSS0.00048EPSS

CVE•added 2026/03/22 3:26 a.m.•28 views

CVE-2026-3427

The Yoast SEO – Advanced SEO with real-time guidance and built-in AI plugin for WordPress is affected by CVE-2026-3427: Stored Cross-Site Scripting via the jsonText block attribute in all versions up to 27.1.1. The vulnerability stems from insufficient input sanitization and output escaping. With...

ATTACKERKB•added 2026/03/22 3:26 a.m.•1 views

CVE-2026-3427

Cvelist•added 2026/03/22 3:26 a.m.•30 views

CVE-2026-3427 Yoast SEO <= 27.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'jsonText' Block Attribute

6.4CVSS0.00048EPSS