CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32300 – WordPress Yoast SEO: Local Plugin <= 14.8 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-32300
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Yoast Yoast SEO: Local plugin <= 14.8 versions. The Yoast SEO: Local plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 14.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/wpseo-local/wordpress-yoast-seo-local-plugin-14-8-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2021-25118 – Yoast SEO 16.7-17.2 - Unauthenticated Full Path Disclosure
https://notcve.org/view.php?id=CVE-2021-25118
The Yoast SEO WordPress plugin (from versions 16.7 until 17.2) discloses the full internal path of featured images in posts via the wp/v2/posts REST endpoints which could help an attacker identify other vulnerabilities or help during the exploitation of other identified vulnerabilities. El plugin Yoast SEO WordPress (desde la versión 16.7 hasta la 17.2) revela la ruta interna completa de las imágenes destacadas en las entradas a través de los puntos finales REST wp/v2/posts, lo que podría ayudar a un atacante a identificar otras vulnerabilidades o ayudar durante la explotación de otras vulnerabilidades identificadas The Yoast SEO plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 17.2 via the /wp/v2/posts REST endpoints that discloses the full internal path of featured images from posts. This makes it possible for unauthenticated attackers to extract sensitive data which consists of full site path information which can be used to exploit other vulnerabilities. • https://plugins.trac.wordpress.org/changeset/2608691 https://wpscan.com/vulnerability/2c3f9038-632d-40ef-a099-6ea202efb550 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-36788
https://notcve.org/view.php?id=CVE-2021-36788
The yoast_seo (aka Yoast SEO) extension before 7.2.3 for TYPO3 allows XSS. La extensión yoast_seo (también se conoce como Yoast SEO) versiones anteriores a 7.2.3 para TYPO3, permite un ataque de tipo XSS. • https://typo3.org/help/security-advisories/security https://typo3.org/security/advisory/typo3-ext-sa-2021-013 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-31779
https://notcve.org/view.php?id=CVE-2021-31779
The yoast_seo (aka Yoast SEO) extension before 7.2.1 for TYPO3 allows SSRF via a backend user account. La extensión yoast_seo (también se conoce como Yoast SEO) versiones anteriores a 7.2.1 para TYPO3, permite un ataque de tipo SSRF por medio de una cuenta de usuario backend • https://typo3.org/security/advisory/typo3-ext-sa-2021-006 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.9EPSS: 0%CPEs: 5EXPL: 0CVE-2019-13478 – Yoast SEO <= 11.5 - Authenticated Stored Cross Site Scripting
https://notcve.org/view.php?id=CVE-2019-13478
The Yoast SEO plugin before 11.6-RC5 for WordPress does not properly restrict unfiltered HTML in term descriptions. El plugin SEO de Yoast versiones anteriores a 11.6-RC5 para WordPress no restringe apropiadamente el HTML no filtrado en las descripciones de términos. The Yoast SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via term descriptions in versions up to, and including, 11.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with post editor access to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://github.com/Yoast/wordpress-seo/releases/tag/11.6-RC5 https://wpvulndb.com/vulnerabilities/9445 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •