Yoast Yoast_seo
10 CVEs affecting Yoast Yoast_seo. Latest disclosed: 2024-06-11. Critical: 1, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2019-13478 | Critical | 9.8 | 2019-07-09 | The Yoast SEO plugin before 11.6-RC5 for WordPress does not properly restrict unfiltered HTML in term descriptions. |
CVE-2023-32300 | High | 7.1 | 2023-08-23 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Yoast Yoast SEO: Local plugin <= 14.8 versions. |
CVE-2018-19370 | Medium | 6.6 | 2018-11-28 | A Race condition vulnerability in unzip_file in admin/import/class-import-settings.php in the Yoast SEO (wordpress-seo) plugin before 9.2.0 for WordPress allow… |
CVE-2023-28785 | Medium | 6.5 | 2023-05-28 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Yoast Yoast SEO: Local plugin <= 14.9 versions. |
CVE-2021-31779 | Medium | 6.4 | 2021-04-28 | The yoast_seo (aka Yoast SEO) extension before 7.2.1 for TYPO3 allows SSRF via a backend user account. |
CVE-2023-40680 | Medium | 5.9 | 2023-11-30 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Team Yoast Yoast SEO allows Stored XSS.This issue affects… |
CVE-2021-36788 | Medium | 5.4 | 2021-08-13 | The yoast_seo (aka Yoast SEO) extension before 7.2.3 for TYPO3 allows XSS. |
CVE-2021-24153 | Medium | 5.4 | 2021-04-05 | A Stored Cross-Site Scripting vulnerability was discovered in the Yoast SEO WordPress plugin before 3.4.1, which had built-in blacklist filters which were blac… |
CVE-2023-28775 | Medium | 5.3 | 2024-06-11 | Missing Authorization vulnerability in Yoast Yoast SEO Premium.This issue affects Yoast SEO Premium: from n/a through 20.4. |
CVE-2021-25118 | Medium | 5.3 | 2022-02-28 | The Yoast SEO WordPress plugin (from versions 16.7 until 17.2) discloses the full internal path of featured images in posts via the wp/v2/posts REST endpoints… |