336 matches found
CVE-2021-25118
The Yoast SEO WordPress plugin from versions 16.7 until 17.2 discloses the full internal path of featured images in posts via the wp/v2/posts REST endpoints which could help an attacker identify other vulnerabilities or help during the exploitation of other identified vulnerabilities...
CVE-2021-25118
The Yoast SEO WordPress plugin from versions 16.7 until 17.2 discloses the full internal path of featured images in posts via the wp/v2/posts REST endpoints which could help an attacker identify other vulnerabilities or help during the exploitation of other identified vulnerabilities...
Design/Logic Flaw
The Yoast SEO WordPress plugin from versions 16.7 until 17.2 discloses the full internal path of featured images in posts via the wp/v2/posts REST endpoints which could help an attacker identify other vulnerabilities or help during the exploitation of other identified vulnerabilities...
EUVD-2021-12030
The Yoast SEO WordPress plugin from versions 16.7 until 17.2 discloses the full internal path of featured images in posts via the wp/v2/posts REST endpoints which could help an attacker identify other vulnerabilities or help during the exploitation of other identified vulnerabilities...
CVE-2021-25118
CVE-2021-25118 affects Yoast SEO for WordPress, versions 16.7–17.2. The vulnerability enables information disclosure by exposing the full internal path of featured images in posts via the wp/v2/posts REST endpoints. This data exposure could help an attacker identify other vulnerabilities or assis...
PT-2022-9672 · Yoast · Yoast Seo
Name of the Vulnerable Software and Affected Versions: Yoast SEO WordPress plugin versions 16.7 through 17.2 Description: The issue discloses the full internal path of featured images in posts via the "wp/v2/posts" REST endpoints, which could help an attacker identify other vulnerabilities or...
WordPress plugin Yoast SEO 信息泄露漏洞
WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. An information disclosure vulnerability exists in versions of the WordPress Yoast SEO plugin prior to...
WordPress Yoast SEO <= 17.2.1 - Unauthenticated Full Path Disclosure vulnerability
Unauthenticated Full Path Disclosure vulnerability discovered by Fariq Fadillah Gusti Insani in WordPress Yoast SEO versions = 17.2.1. Solution Update the WordPress Yoast SEO to the latest available version at least 17.3...
Showmax: Full Path Disclosure in Wordpress Rest API Response
The hacker submitted a full path disclosure vulnerability on our Wordpress site stories.showmax.com. The vulnerability was caused by Yoast SEO plugin and they actually released a fix for the issue today 2021-10-05. Considering the issue was with 3rd party code, the fix for the issue was introduce...
GHSA-28W5-J8XJ-2XWC Cross-site Scripting in the yoast_seo TYPO3 extension
The extension fails to properly encode user input for output in HTML context. A TYPO3 backend user account is required to exploit the vulnerability...
CVE-2021-36788
The yoastseo aka Yoast SEO extension before 7.2.3 for TYPO3 allows XSS...
CVE-2021-36788
The yoastseo aka Yoast SEO extension before 7.2.3 for TYPO3 allows XSS...
CVE-2021-36788
The yoastseo aka Yoast SEO extension before 7.2.3 for TYPO3 allows XSS...
Cross site scripting
The yoastseo aka Yoast SEO extension before 7.2.3 for TYPO3 allows XSS...
CVE-2021-36788
The yoastseo aka Yoast SEO extension before 7.2.3 for TYPO3 allows XSS...
Cross Site Scripting in Extension "Yoast SEO for TYPO3" (yoast_seo)
The extension fails to properly encode user input for output in HTML context. A TYPO3 backend user account is required to exploit the vulnerability...
CVE-2021-31779
The yoastseo aka Yoast SEO extension before 7.2.1 for TYPO3 allows SSRF via a backend user account...
CVE-2021-31779
The yoastseo aka Yoast SEO extension before 7.2.1 for TYPO3 allows SSRF via a backend user account...
CVE-2021-31779
The yoastseo aka Yoast SEO extension before 7.2.1 for TYPO3 allows SSRF via a backend user account...
CVE-2021-31779
The CVE-2021-31779 issue affects the Yoast SEO extension for TYPO3, specifically versions prior to 7.2.1. A backend TYPO3 user could trigger server-side requests to arbitrary URLs due to insufficient restriction of analyzed URLs to domains managed by the site, enabling SSRF. The vulnerability is ...