EPSS Percentile: 87.2%
yoast/wordpress-seo is vulnerable to remote code execution. An SEO Manager is able to execute arbitrary OS commands via a ZIP import through a race condition vulnerability in unzip_file in admin/import/class-import-settings.php.
github.com/Yoast/wordpress-seo/commit/3bfa70a143f5ea3ee1934f3a1703bb5caf139ffa
github.com/Yoast/wordpress-seo/pull/11502