336 matches found
WordPress Yoast SEO Plugin < 9.2.0 Race Condition Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description scriptoid"1.3.6.1.4.1.25623.1.0.112515";...
WordPress <= 5.0 - User Activation Screen Search Engine Indexing
User Activation Screen Search Engine Indexing found by Yoast in WordPress versions = 5.0. Solution Update WordPress to the latest available version at least 5.0.1...
Remote Code Execution (RCE)
yoast/wordpress-seo is vulnerable to remote code execution. An SEO Manager is able to execute arbitrary OS commands via a ZIP import through a race condition vulnerability in unzipfile in admin/import/class-import-settings.php...
WordPress Yoast SEO Plugin Competitive Conditions Vulnerability
WordPress is the WordPress Software Foundation of a set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers to set up a personal blog site. Yoast SEO wordpress-seo plugin is used in one of the search engine optimization plugin. A competitive conditio...
Race condition
A Race condition vulnerability in unzipfile in admin/import/class-import-settings.php in the Yoast SEO wordpress-seo plugin before 9.2.0 for WordPress allows an SEO Manager to perform command execution on the Operating System via a ZIP import...
CVE-2018-19370
A Race condition vulnerability in unzipfile in admin/import/class-import-settings.php in the Yoast SEO wordpress-seo plugin before 9.2.0 for WordPress allows an SEO Manager to perform command execution on the Operating System via a ZIP import...
CVE-2018-19370
A Race condition vulnerability in unzipfile in admin/import/class-import-settings.php in the Yoast SEO wordpress-seo plugin before 9.2.0 for WordPress allows an SEO Manager to perform command execution on the Operating System via a ZIP import...
CVE-2018-19370
A Race condition vulnerability in unzipfile in admin/import/class-import-settings.php in the Yoast SEO wordpress-seo plugin before 9.2.0 for WordPress allows an SEO Manager to perform command execution on the Operating System via a ZIP import...
CVE-2018-19370
The CVE-2018-19370 entry concerns Yoast SEO (wordpress-seo) plugin for WordPress, specifically versions before 9.2.0. A race-condition in unzip_file (admin/import/class-import-settings.php) allows an SEO Manager to execute OS commands via a ZIP import. Public sources in the connected documents co...
WordPress Yoast SEO plugin <= 9.1.0 - Authenticated Command Execution vulnerability
Authenticated Command Execution vulnerability found by Dimopoulos Elias in WordPress Yoast SEO plugin versions = 9.1. Solution Update the WordPress Yoast SEO plugin to the latest available version at least 9.2.0...
WordPress Yoast SEO Cross Site Scripting
Discoverer: Elias Dimopoulos Linkedin: https://gr.linkedin.com/in/dimopouloselias Vulnerability: Reflected XSS Affected plugin: Yoast SEO plugin alertwindow.location!-- The victim has to have a valid profile under http://victim/wp-admin/admin.php?page=wpseosearchconsole&tab=settings example:...
WordPress Yoast SEO Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Discoverer: Elias Dimopoulos Linkedin: https://gr.linkedin.com/in/dimopouloselias Vulnerability: Reflected XSS Affected plugin: Yoast SEO plugin alertwindow.location!-- The victim has to have a valid profile under...
WordPress Yoast SEO Plugin Cross-Site Scripting Vulnerability
WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports personal blog sites set up on PHP and MySQL servers.Yoast SEO plugin is one of the search engine optimization plugin. A cross-site scripting vulnerability exists in th...
WordPress Yoast SEO plugin <=5.7.1 - Unauthenticated Cross-Site Scripting (XSS) vulnerability
Unauthenticated Cross-Site Scripting XSS vulnerability found in WordPress Yoast SEO plugin versions =5.7.1. Vulnerability found in "admin/googlesearchconsole/class-gsc-table.php" of the WordPress Yoast SEO plugin versions before version 5.8.0, and it allows remote attackers to inject arbitrary we...
WordPress Yoast SEO Plugin < 5.8.0 XSS Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description scriptoid"1.3.6.1.4.1.25623.1.0.112127";...
CVE-2017-16842
Cross-site scripting XSS vulnerability in admin/googlesearchconsole/class-gsc-table.php in the Yoast SEO plugin before 5.8.0 for WordPress allows remote attackers to inject arbitrary web script or HTML...
Cross site scripting
Cross-site scripting XSS vulnerability in admin/googlesearchconsole/class-gsc-table.php in the Yoast SEO plugin before 5.8.0 for WordPress allows remote attackers to inject arbitrary web script or HTML...
CVE-2017-16842
Cross-site scripting XSS vulnerability in admin/googlesearchconsole/class-gsc-table.php in the Yoast SEO plugin before 5.8.0 for WordPress allows remote attackers to inject arbitrary web script or HTML...
CVE-2017-16842
Cross-site scripting XSS vulnerability in admin/googlesearchconsole/class-gsc-table.php in the Yoast SEO plugin before 5.8.0 for WordPress allows remote attackers to inject arbitrary web script or HTML...
CVE-2017-16842
CVE-2017-16842: A Cross-Site Scripting (XSS) vulnerability was reported in the Yoast SEO WordPress plugin at versions prior to 5.8.0, affecting the admin/google_search_console/class-gsc-table.php file. The issue allows remote attackers to inject arbitrary script/HTML, commonly via the tab paramet...