CVE-2023-32300 – WordPress Yoast SEO: Local Plugin <= 14.8 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-32300
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Yoast Yoast SEO: Local plugin <= 14.8 versions. The Yoast SEO: Local plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 14.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/wpseo-local/wordpress-yoast-seo-local-plugin-14-8-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-20092 – Google Analytics Dashboard Plugin cross site scripting
https://notcve.org/view.php?id=CVE-2017-20092
A vulnerability classified as problematic was found in Google Analytics Dashboard Plugin 2.1.1. Affected by this vulnerability is an unknown functionality. The manipulation leads to basic cross site scripting. The attack can be launched remotely. • http://seclists.org/fulldisclosure/2017/Feb/93 https://vuldb.com/?id.97381 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVE-2021-25118 – Yoast SEO 16.7-17.2 - Unauthenticated Full Path Disclosure
https://notcve.org/view.php?id=CVE-2021-25118
The Yoast SEO WordPress plugin (from versions 16.7 until 17.2) discloses the full internal path of featured images in posts via the wp/v2/posts REST endpoints which could help an attacker identify other vulnerabilities or help during the exploitation of other identified vulnerabilities. The Yoast SEO plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 17.2 via the /wp/v2/posts REST endpoints that discloses the full internal path of featured images from posts. This makes it possible for unauthenticated attackers to extract sensitive data which consists of full site path information which can be used to exploit other vulnerabilities. • https://plugins.trac.wordpress.org/changeset/2608691 https://wpscan.com/vulnerability/2c3f9038-632d-40ef-a099-6ea202efb550 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2021-36788
https://notcve.org/view.php?id=CVE-2021-36788
The yoast_seo (aka Yoast SEO) extension before 7.2.3 for TYPO3 allows XSS. • https://typo3.org/help/security-advisories/security https://typo3.org/security/advisory/typo3-ext-sa-2021-013 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-31779
https://notcve.org/view.php?id=CVE-2021-31779
The yoast_seo (aka Yoast SEO) extension before 7.2.1 for TYPO3 allows SSRF via a backend user account. • https://typo3.org/security/advisory/typo3-ext-sa-2021-006 • CWE-918: Server-Side Request Forgery (SSRF) •