4 matches found
CVE-2017-16842
CVE-2017-16842: A Cross-Site Scripting (XSS) vulnerability was reported in the Yoast SEO WordPress plugin at versions prior to 5.8.0, affecting the admin/google_search_console/class-gsc-table.php file. The issue allows remote attackers to inject arbitrary script/HTML, commonly via the tab paramet...
CVE-2015-2292
CVE-2015-2292 affects WordPress Yoast SEO Plugin versions before 1.5.7, 1.6.x before 1.6.4, and 1.7.x before 1.7.4. The root cause is SQL injection in admin/class-bulk-editor-list-table.php via the wpseo_bulk-editor page, exploitable by remote authenticated users and potentially via CSRF. Impact ...
CVE-2012-6692
CVE-2012-6692 affects WordPress SEO by Yoast plugin for WordPress, prior to version 2.2. The XSS exists in the snippet preview functionality via the post_title parameter to wp-admin/post-new.php, due to inadequate handling in js/wp-seo-metabox.js. A remote attacker could inject arbitrary script/H...
CVE-2015-2293
CVE-2015-2293 describes multiple CSRF vulnerabilities in the WordPress SEO by Yoast plugin for WordPress, enabling remote attackers to hijack user authentication and trigger SQL injection via the wpseo_bulk-editor page (parameters: order_by and order). Affected plugin versions: before 1.5.7, 1.6....