CVE-2024-4984 – Yoast SEO <= 22.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-4984
The Yoast SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘display_name’ author meta in all versions up to, and including, 22.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://developer.yoast.com/changelog/yoast-seo/22.7 https://github.com/Yoast/wordpress-seo/pull/21334 https://plugins.trac.wordpress.org/changeset/3079234/wordpress-seo/trunk/src/presenters/slack/enhanced-data-presenter.php https://www.wordfence.com/threat-intel/vulnerabilities/id/59bcd246-ca2f-4336-9a6e-89afe873ed25?source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-4041 – Yoast SEO <= 22.5 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-4041
The Yoast SEO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URLs in all versions up to, and including, 22.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. El complemento Yoast SEO para WordPress es vulnerable a Cross-Site Scripting Reflejado a través de URL en todas las versiones hasta la 22.5 incluida debido a una sanitización de entrada y un escape de salida insuficientes. Esto hace posible que atacantes no autenticados inyecten scripts web arbitrarios en páginas que se ejecutan si logran engañar a un usuario para que realice una acción como hacer clic en un enlace. • https://plugins.trac.wordpress.org/browser/wordpress-seo/trunk/inc/class-wpseo-admin-bar-menu.php#L601 https://plugins.trac.wordpress.org/browser/wordpress-seo/trunk/inc/class-wpseo-shortlinker.php#L20 https://plugins.trac.wordpress.org/browser/wordpress-seo/trunk/src/helpers/short-link-helper.php#L105 https://plugins.trac.wordpress.org/browser/wordpress-seo/trunk/src/helpers/short-link-helper.php#L45 https://plugins.trac.wordpress.org/changeset/3078555/wordpress-seo/trunk#file129 https://www.wordfenc • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-40680 – WordPress Yoast SEO Plugin <= 21.0 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-40680
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Team Yoast Yoast SEO allows Stored XSS.This issue affects Yoast SEO: from n/a through 21.0. Neutralización inadecuada de la entrada durante la vulnerabilidad de generación de páginas web ('Cross-site Scripting') en Team Yoast Yoast SEO permite almacenar XSS. Este problema afecta a Yoast SEO: desde n/a hasta 21.0. The Yoast SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 21.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with seo manager-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/wordpress-seo/wordpress-yoast-seo-plugin-21-0-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-28785 – WordPress Yoast SEO: Local Plugin <= 14.9 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-28785
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Yoast Yoast SEO: Local plugin <= 14.9 versions. The Yoast SEO: Local plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 14.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/wpseo-local/wordpress-yoast-seo-local-plugin-14-9-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-32300 – WordPress Yoast SEO: Local Plugin <= 14.8 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-32300
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Yoast Yoast SEO: Local plugin <= 14.8 versions. The Yoast SEO: Local plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 14.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/wpseo-local/wordpress-yoast-seo-local-plugin-14-8-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •