Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
yoast yoast seo vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-4984
The Yoast SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘display_name’ author meta in all versions up to, and including, 22.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers...
NA
CVE-2024-4041
The Yoast SEO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URLs in all versions up to, and including, 22.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated malicious users to inject arbitrary web sc...
NA
CVE-2023-40680
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Team Yoast Yoast SEO allows Stored XSS.This issue affects Yoast SEO: from n/a up to and including 21.0.
Yoast Yoast Seo
NA
CVE-2023-28780
Cross-Site Request Forgery (CSRF) vulnerability in Yoast Yoast Local Premium.This issue affects Yoast Local Premium: from n/a up to and including 14.8.
Yoast Yoast Local Seo
NA
CVE-2023-32300
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Yoast Yoast SEO: Local plugin <= 14.8 versions.
Yoast Yoast Seo
NA
CVE-2023-28785
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Yoast Yoast SEO: Local plugin <= 14.9 versions.
Yoast Yoast Seo
5
CVSSv2
CVE-2021-25118
The Yoast SEO WordPress plugin (from versions 16.7 until 17.2) discloses the full internal path of featured images in posts via the wp/v2/posts REST endpoints which could help an attacker identify other vulnerabilities or help during the exploitation of other identified vulnerabi...
Yoast Yoast Seo
3.5
CVSSv2
CVE-2021-36788
The yoast_seo (aka Yoast SEO) extension prior to 7.2.3 for TYPO3 allows XSS.
Yoast Yoast Seo
5.5
CVSSv2
CVE-2021-31779
The yoast_seo (aka Yoast SEO) extension prior to 7.2.1 for TYPO3 allows SSRF via a backend user account.
3.5
CVSSv2
CVE-2021-24153
A Stored Cross-Site Scripting vulnerability exists in the Yoast SEO WordPress plugin prior to 3.4.1, which had built-in blacklist filters which were blacklisting Parenthesis as well as several functions such as alert but bypasses were found.
Yoast Yoast Seo
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-40673
CVE-2024-36674
CVE-2024-27348
unspecified
CVE-2024-24919
CVE-2024-4870
malicious code
CVE-2024-2019
hard-coded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »