VYPR

Wordpress Seo

by Yoast

Source repositories

CVEs (7)

  • CVE-2026-3427MedMar 22, 2026
    risk 0.35cvss 6.4epss 0.00

    The Yoast SEO – Advanced SEO with real-time guidance and built-in AI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the `jsonText` block attribute in all versions up to, and including, 27.1.1 due to insufficient input sanitization and output…

  • CVE-2024-4984MedMay 16, 2024
    risk 0.35cvss 6.4epss 0.01

    The Yoast SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘display_name’ author meta in all versions up to, and including, 22.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with…

  • CVE-2017-16842MedNov 16, 2017
    risk 0.24cvss 4.8epss 0.01

    Cross-site scripting (XSS) vulnerability in admin/google_search_console/class-gsc-table.php in the Yoast SEO plugin before 5.8.0 for WordPress allows remote attackers to inject arbitrary web script or HTML.

  • CVE-2025-14481MedMay 27, 2026
    risk 0.21cvss 4.3epss 0.00

    The Yoast SEO plugin for WordPress is vulnerable to Insecure Direct Object References in all versions up to, and including, 26.5. This is due to insufficient authorization checks in the Meta Search REST API endpoint that fail to verify post ownership. This makes it possible for…

  • CVE-2015-2292Mar 17, 2015
    risk 0.03cvss epss 0.06

    Multiple SQL injection vulnerabilities in admin/class-bulk-editor-list-table.php in the WordPress SEO by Yoast plugin before 1.5.7, 1.6.x before 1.6.4, and 1.7.x before 1.7.4 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) order_by or…

  • CVE-2012-6692Jun 17, 2015
    risk 0.00cvss epss 0.03

    Cross-site scripting (XSS) vulnerability in js/wp-seo-metabox.js in the WordPress SEO by Yoast plugin before 2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the post_title parameter to wp-admin/post-new.php, which is not properly handled in…

  • CVE-2015-2293Mar 17, 2015
    risk 0.00cvss epss 0.02

    Multiple cross-site request forgery (CSRF) vulnerabilities in admin/class-bulk-editor-list-table.php in the WordPress SEO by Yoast plugin before 1.5.7, 1.6.x before 1.6.4, and 1.7.x before 1.7.4 for WordPress allow remote attackers to hijack the authentication of certain users…