VYPR

Yoast Seo

by WordPress

Source repositories

CVEs (12)

  • CVE-2019-13478CriJul 9, 2019
    risk 0.64cvss 9.8epss 0.03

    The Yoast SEO plugin before 11.6-RC5 for WordPress does not properly restrict unfiltered HTML in term descriptions.

  • CVE-2026-1293MedFeb 6, 2026
    risk 0.42cvss 6.4epss 0.00

    The Yoast SEO – Advanced SEO with real-time guidance and built-in AI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the `yoast-schema` block attribute in all versions up to, and including, 26.8 due to insufficient input sanitization and output…

  • CVE-2025-11241MedOct 3, 2025
    risk 0.42cvss 6.4epss 0.00

    The Yoast SEO Premium plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions 25.7 to 25.9 due to a flawed regex used to remove an attribute in post content, which can be abused to inject arbitrary HTML attributes, including JavaScript event handlers. This…

  • CVE-2023-40680MedNov 30, 2023
    risk 0.38cvss 5.9epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Team Yoast Yoast SEO allows Stored XSS.This issue affects Yoast SEO: from n/a through 21.0.

  • CVE-2018-19370MedNov 28, 2018
    risk 0.36cvss 6.6epss 0.03

    A Race condition vulnerability in unzip_file in admin/import/class-import-settings.php in the Yoast SEO (wordpress-seo) plugin before 9.2.0 for WordPress allows an SEO Manager to perform command execution on the Operating System via a ZIP import.

  • CVE-2026-3427MedMar 22, 2026
    risk 0.35cvss 6.4epss 0.00

    The Yoast SEO – Advanced SEO with real-time guidance and built-in AI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the `jsonText` block attribute in all versions up to, and including, 27.1.1 due to insufficient input sanitization and output…

  • CVE-2024-4984MedMay 16, 2024
    risk 0.35cvss 6.4epss 0.01

    The Yoast SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘display_name’ author meta in all versions up to, and including, 22.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with…

  • CVE-2021-25118MedFeb 28, 2022
    risk 0.35cvss 5.3epss 0.06

    The Yoast SEO WordPress plugin (from versions 16.7 until 17.2) discloses the full internal path of featured images in posts via the wp/v2/posts REST endpoints which could help an attacker identify other vulnerabilities or help during the exploitation of other identified…

  • CVE-2021-24153MedApr 5, 2021
    risk 0.35cvss 5.4epss 0.01

    A Stored Cross-Site Scripting vulnerability was discovered in the Yoast SEO WordPress plugin before 3.4.1, which had built-in blacklist filters which were blacklisting Parenthesis as well as several functions such as alert but bypasses were found.

  • CVE-2024-4041MedMay 14, 2024
    risk 0.33cvss 6.1epss 0.01

    The Yoast SEO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URLs in all versions up to, and including, 22.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts…

  • CVE-2017-16842MedNov 16, 2017
    risk 0.24cvss 4.8epss 0.01

    Cross-site scripting (XSS) vulnerability in admin/google_search_console/class-gsc-table.php in the Yoast SEO plugin before 5.8.0 for WordPress allows remote attackers to inject arbitrary web script or HTML.

  • CVE-2025-14481MedMay 27, 2026
    risk 0.21cvss 4.3epss 0.00

    The Yoast SEO plugin for WordPress is vulnerable to Insecure Direct Object References in all versions up to, and including, 26.5. This is due to insufficient authorization checks in the Meta Search REST API endpoint that fail to verify post ownership. This makes it possible for…