Yoast SEO <= 2.1.1 - Authenticated Stored DOM XSS

2015-06-12T00:00:00
ID WPVDB-ID:8045
Type wpvulndb
Reporter Charles Neill
Modified 2019-10-31T00:00:00

Description

WordPress Vulnerability - Yoast SEO <= 2.1.1 - Authenticated Stored DOM XSS Vulnerable URL: /wp-admin/post-new.php?post_title= Vulnerable Code (wordpress-seo/js/wp-seo-metabox.js): function yst_clean(str) { if (str == '' || str == undefined) return ''; try { str = jQuery('

').html(str).text(); str = str.replace(/<\/?[^>]+>/gi, ''); str = str.replace(/\(.+?)\?/g, ''); } catch (e) { } return str; } Link: https://github.com/Yoast/wordpress-seo/blob/2.1.1/js/wp-seo-metabox.js#L1-13