Lucene search
+L

336 matches found

NVD
NVD
added 2022/02/28 9:15 a.m.23 views

CVE-2021-25118

The Yoast SEO WordPress plugin from versions 16.7 until 17.2 discloses the full internal path of featured images in posts via the wp/v2/posts REST endpoints which could help an attacker identify other vulnerabilities or help during the exploitation of other identified vulnerabilities...

5.3CVSS0.05632EPSS
Exploits1References2
OSV
OSV
added 2022/02/28 9:15 a.m.19 views

CVE-2021-25118

The Yoast SEO WordPress plugin from versions 16.7 until 17.2 discloses the full internal path of featured images in posts via the wp/v2/posts REST endpoints which could help an attacker identify other vulnerabilities or help during the exploitation of other identified vulnerabilities...

5.3CVSS7AI score
Exploits0References2
Prion
Prion
added 2022/02/28 9:15 a.m.23 views

Design/Logic Flaw

The Yoast SEO WordPress plugin from versions 16.7 until 17.2 discloses the full internal path of featured images in posts via the wp/v2/posts REST endpoints which could help an attacker identify other vulnerabilities or help during the exploitation of other identified vulnerabilities...

5CVSS5.4AI score0.05632EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2022/02/28 9:6 a.m.7 views

EUVD-2021-12030

The Yoast SEO WordPress plugin from versions 16.7 until 17.2 discloses the full internal path of featured images in posts via the wp/v2/posts REST endpoints which could help an attacker identify other vulnerabilities or help during the exploitation of other identified vulnerabilities...

5.3CVSS5.4AI score0.05632EPSS
Exploits1References2
CVE
CVE
added 2022/02/28 9:6 a.m.421 views

CVE-2021-25118

CVE-2021-25118 affects Yoast SEO for WordPress, versions 16.7–17.2. The vulnerability enables information disclosure by exposing the full internal path of featured images in posts via the wp/v2/posts REST endpoints. This data exposure could help an attacker identify other vulnerabilities or assis...

5.3CVSS5.5AI score0.05632EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2022/02/28 12:0 a.m.5 views

PT-2022-9672 · Yoast · Yoast Seo

Name of the Vulnerable Software and Affected Versions: Yoast SEO WordPress plugin versions 16.7 through 17.2 Description: The issue discloses the full internal path of featured images in posts via the "wp/v2/posts" REST endpoints, which could help an attacker identify other vulnerabilities or...

5.3CVSS5.3AI score0.05632EPSS
Exploits1References6
CNNVD
CNNVD
added 2022/02/28 12:0 a.m.11 views

WordPress plugin Yoast SEO 信息泄露漏洞

WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. An information disclosure vulnerability exists in versions of the WordPress Yoast SEO plugin prior to...

5.3CVSS5.7AI score0.05632EPSS
Exploits1References3
Patchstack
Patchstack
added 2022/02/23 12:0 a.m.52 views

WordPress Yoast SEO <= 17.2.1 - Unauthenticated Full Path Disclosure vulnerability

Unauthenticated Full Path Disclosure vulnerability discovered by Fariq Fadillah Gusti Insani in WordPress Yoast SEO versions = 17.2.1. Solution Update the WordPress Yoast SEO to the latest available version at least 17.3...

5.3CVSS2.5AI score0.05632EPSS
Exploits1References3Affected Software1
Hacker One
Hacker One
added 2021/10/05 2:19 a.m.31 views

Showmax: Full Path Disclosure in Wordpress Rest API Response

The hacker submitted a full path disclosure vulnerability on our Wordpress site stories.showmax.com. The vulnerability was caused by Yoast SEO plugin and they actually released a fix for the issue today 2021-10-05. Considering the issue was with 3rd party code, the fix for the issue was introduce...

1.3AI score
Exploits0
OSV
OSV
added 2021/09/01 6:36 p.m.36 views

GHSA-28W5-J8XJ-2XWC Cross-site Scripting in the yoast_seo TYPO3 extension

The extension fails to properly encode user input for output in HTML context. A TYPO3 backend user account is required to exploit the vulnerability...

5.4CVSS5.3AI score0.00471EPSS
Exploits0References4
OSV
OSV
added 2021/08/13 5:15 p.m.2 views

CVE-2021-36788

The yoastseo aka Yoast SEO extension before 7.2.3 for TYPO3 allows XSS...

5.4CVSS6.1AI score0.00471EPSS
Exploits0References2
NVD
NVD
added 2021/08/13 5:15 p.m.17 views

CVE-2021-36788

The yoastseo aka Yoast SEO extension before 7.2.3 for TYPO3 allows XSS...

5.4CVSS0.00471EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2021/08/13 5:15 p.m.4 views

CVE-2021-36788

The yoastseo aka Yoast SEO extension before 7.2.3 for TYPO3 allows XSS...

5.4CVSS6.1AI score0.00471EPSS
Exploits0References3
Prion
Prion
added 2021/08/13 5:15 p.m.16 views

Cross site scripting

The yoastseo aka Yoast SEO extension before 7.2.3 for TYPO3 allows XSS...

3.5CVSS5.5AI score0.00471EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/08/13 4:9 p.m.28 views

CVE-2021-36788

The yoastseo aka Yoast SEO extension before 7.2.3 for TYPO3 allows XSS...

5.8AI score0.00471EPSS
Exploits0References2
Typo3
Typo3
added 2021/08/10 12:0 a.m.47 views

Cross Site Scripting in Extension "Yoast SEO for TYPO3" (yoast_seo)

The extension fails to properly encode user input for output in HTML context. A TYPO3 backend user account is required to exploit the vulnerability...

3.5CVSS0.9AI score0.00471EPSS
Exploits0Affected Software1
NVD
NVD
added 2021/04/28 7:15 a.m.22 views

CVE-2021-31779

The yoastseo aka Yoast SEO extension before 7.2.1 for TYPO3 allows SSRF via a backend user account...

6.4CVSS0.00474EPSS
Exploits0References1
OSV
OSV
added 2021/04/28 7:15 a.m.3 views

CVE-2021-31779

The yoastseo aka Yoast SEO extension before 7.2.1 for TYPO3 allows SSRF via a backend user account...

6.4CVSS5.8AI score0.00474EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/04/28 6:23 a.m.17 views

CVE-2021-31779

The yoastseo aka Yoast SEO extension before 7.2.1 for TYPO3 allows SSRF via a backend user account...

6.6AI score0.00474EPSS
Exploits0References1
CVE
CVE
added 2021/04/28 6:23 a.m.74 views

CVE-2021-31779

The CVE-2021-31779 issue affects the Yoast SEO extension for TYPO3, specifically versions prior to 7.2.1. A backend TYPO3 user could trigger server-side requests to arbitrary URLs due to insufficient restriction of analyzed URLs to domains managed by the site, enabling SSRF. The vulnerability is ...

6.4CVSS6.3AI score0.00474EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder