Lucene search
K

334 matches found

Nuclei
Nuclei
added 11 hours ago66 views

Yoast SEO 16.7-17.2 - Information Disclosure

Yoast SEO plugin 16.7 to 17.2 is susceptible to information disclosure, The plugin discloses the full internal path of featured images in posts via the wp/v2/posts REST endpoints, which can help an attacker identify other vulnerabilities or help during the exploitation of other identified...

5.3CVSS6.2AI score0.05632EPSS
Exploits1References5
NVD
NVD
added 2026/07/02 12:17 p.m.6 views

CVE-2026-57764

Contributor Cross Site Scripting XSS in Surbma | Yoast SEO Breadcrumb Shortcode = 1.2 versions...

6.5CVSS0.00139EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 11:16 a.m.32 views

CVE-2026-57764 WordPress Surbma | Yoast SEO Breadcrumb Shortcode plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability

Contributor Cross Site Scripting XSS in Surbma | Yoast SEO Breadcrumb Shortcode = 1.2 versions...

6.5CVSS0.00139EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:16 a.m.10 views

CVE-2026-57764

Contributor Cross Site Scripting XSS in Surbma | Yoast SEO Breadcrumb Shortcode = 1.2 versions...

6.5CVSS5.8AI score0.00139EPSS
Exploits0References2
CVE
CVE
added 2026/07/02 11:16 a.m.21 views

CVE-2026-57764

CVE-2026-57764 : Cross-Site Scripting (XSS) vulnerability in the WordPress plugin Surbma | Yoast SEO Breadcrumb Shortcode, affecting versions

6.5CVSS5.8AI score0.00139EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/07/02 9:21 a.m.8 views

WordPress Surbma | Yoast SEO Breadcrumb Shortcode plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by zaim in WordPress Plugin Surbma | Yoast SEO Breadcrumb Shortcode versions = 1.2...

6.5CVSS5.8AI score0.00139EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.10 views

PT-2026-55051

Name of the Vulnerable Software and Affected Versions Surbma | Yoast SEO Breadcrumb Shortcode versions prior to 1.3 Description Cross Site Scripting XSS allows an attacker with contributor privileges to execute malicious scripts in the browser of other users. XSS is a security flaw where an...

6.5CVSS6AI score0.00139EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/17 6:35 p.m.13 views

EUVD-2026-37579

Missing Authorization vulnerability in Yoast BV Yoast SEO Premium allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Yoast SEO Premium: from n/a through 26.6...

5.5CVSS5.3AI score0.00188EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:20 p.m.10 views

CVE-2026-40722

Missing Authorization vulnerability in Yoast BV Yoast SEO Premium allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Yoast SEO Premium: from n/a through 26.6...

5.5CVSS0.00188EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 8:40 a.m.28 views

CVE-2026-40722

CVE-2026-40722 : Missing Authorization vulnerability in Yoast SEO Premium for WordPress (plugin

5.5CVSS5.2AI score0.00188EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 8:40 a.m.33 views

CVE-2026-40722 WordPress Yoast SEO Premium plugin <= 26.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in Yoast BV Yoast SEO Premium allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Yoast SEO Premium: from n/a through 26.6...

5.5CVSS0.00188EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/11 12:32 a.m.13 views

EUVD-2026-36141

Yoast Duplicate Post through 4.6 inserts an unescaped post title and permalink into the Classic Editor scheduled republish notice. Attackers can schedule a republish copy with a crafted title to execute script when an administrator views the resulting notice...

5.4CVSS5.6AI score0.00141EPSS
Exploits0References3
NVD
NVD
added 2026/06/10 10:17 p.m.12 views

CVE-2026-53740

Yoast Duplicate Post through 4.6 inserts an unescaped post title and permalink into the Classic Editor scheduled republish notice. Attackers can schedule a republish copy with a crafted title to execute script when an administrator views the resulting notice...

5.4CVSS0.00141EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/10 8:39 p.m.11 views

CVE-2026-53740 Yoast Duplicate Post through 4.6 Stored Cross-Site Scripting via Scheduled Republish Notice

Yoast Duplicate Post through 4.6 inserts an unescaped post title and permalink into the Classic Editor scheduled republish notice. Attackers can schedule a republish copy with a crafted title to execute script when an administrator views the resulting notice...

5.4CVSS5.6AI score0.00141EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/10 8:39 p.m.33 views

CVE-2026-53739 Yoast Duplicate Post through 4.6 Cross-Site Request Forgery via duplicate_post_dismiss_notice

Yoast Duplicate Post through 4.6 contains a cross-site request forgery vulnerability in the duplicatepostdismissnotice handler, which verifies no nonce or capability. Attackers can trick any authenticated user into sending a request that sets the duplicatepostshownotice site option, suppressing...

5.1CVSS0.00104EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/10 8:39 p.m.34 views

CVE-2026-53740 Yoast Duplicate Post through 4.6 Stored Cross-Site Scripting via Scheduled Republish Notice

Yoast Duplicate Post through 4.6 inserts an unescaped post title and permalink into the Classic Editor scheduled republish notice. Attackers can schedule a republish copy with a crafted title to execute script when an administrator views the resulting notice...

5.4CVSS0.00141EPSS
Exploits0References2
CVE
CVE
added 2026/06/10 8:39 p.m.34 views

CVE-2026-53739

CVE-2026-53739 affects the WordPress plugin Yoast Duplicate Post up to version 4.6. The issue is a cross-site request forgery in the duplicate_post_dismiss_notice handler that does not verify a nonce or capability. This allows an attacker to trick an authenticated user into issuing a request that...

5.1CVSS5.2AI score0.00104EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/10 8:39 p.m.11 views

CVE-2026-53739 Yoast Duplicate Post through 4.6 Cross-Site Request Forgery via duplicate_post_dismiss_notice

Yoast Duplicate Post through 4.6 contains a cross-site request forgery vulnerability in the duplicatepostdismissnotice handler, which verifies no nonce or capability. Attackers can trick any authenticated user into sending a request that sets the duplicatepostshownotice site option, suppressing...

5.1CVSS5.2AI score0.00104EPSS
Exploits0References2
CVE
CVE
added 2026/06/10 8:39 p.m.31 views

CVE-2026-53740

The CVE-2026-53740 entry describes a stored cross-site scripting flaw in Yoast Duplicate Post (through 4.6) where an unescaped post title and permalink is injected into the Classic Editor scheduled republish notice. Attackers can craft a title to cause script execution when an administrator views...

5.4CVSS5.6AI score0.00141EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.18 views

PT-2026-48554

Yoast Duplicate Post through 4.6 inserts an unescaped post title and permalink into the Classic Editor scheduled republish notice. Attackers can schedule a republish copy with a crafted title to execute script when an administrator views the resulting notice...

5.4CVSS5.6AI score0.00141EPSS
Exploits0References3
Rows per page
Query Builder