18 results (0.002 seconds)

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

The Yoast SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘display_name’ author meta in all versions up to, and including, 22.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://developer.yoast.com/changelog/yoast-seo/22.7 https://github.com/Yoast/wordpress-seo/pull/21334 https://plugins.trac.wordpress.org/changeset/3079234/wordpress-seo/trunk/src/presenters/slack/enhanced-data-presenter.php https://www.wordfence.com/threat-intel/vulnerabilities/id/59bcd246-ca2f-4336-9a6e-89afe873ed25?source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

The Yoast SEO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URLs in all versions up to, and including, 22.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. El complemento Yoast SEO para WordPress es vulnerable a Cross-Site Scripting Reflejado a través de URL en todas las versiones hasta la 22.5 incluida debido a una sanitización de entrada y un escape de salida insuficientes. Esto hace posible que atacantes no autenticados inyecten scripts web arbitrarios en páginas que se ejecutan si logran engañar a un usuario para que realice una acción como hacer clic en un enlace. • https://plugins.trac.wordpress.org/browser/wordpress-seo/trunk/inc/class-wpseo-admin-bar-menu.php#L601 https://plugins.trac.wordpress.org/browser/wordpress-seo/trunk/inc/class-wpseo-shortlinker.php#L20 https://plugins.trac.wordpress.org/browser/wordpress-seo/trunk/src/helpers/short-link-helper.php#L105 https://plugins.trac.wordpress.org/browser/wordpress-seo/trunk/src/helpers/short-link-helper.php#L45 https://plugins.trac.wordpress.org/changeset/3078555/wordpress-seo/trunk#file129 https://www.wordfenc • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Team Yoast Yoast SEO allows Stored XSS.This issue affects Yoast SEO: from n/a through 21.0. Neutralización inadecuada de la entrada durante la vulnerabilidad de generación de páginas web ('Cross-site Scripting') en Team Yoast Yoast SEO permite almacenar XSS. Este problema afecta a Yoast SEO: desde n/a hasta 21.0. The Yoast SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 21.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with seo manager-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/wordpress-seo/wordpress-yoast-seo-plugin-21-0-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Yoast Yoast SEO: Local plugin <= 14.9 versions. The Yoast SEO: Local plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 14.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/wpseo-local/wordpress-yoast-seo-local-plugin-14-9-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

Cross-Site Request Forgery (CSRF) vulnerability in Yoast Yoast Local Premium.This issue affects Yoast Local Premium: from n/a through 14.8. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Yoast Yoast Local Premium. Este problema afecta a Yoast Local Premium: desde n/a hasta 14.8. The Yoast SEO: Local plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 14.8. This is due to missing nonce validation on an unknown function. • https://patchstack.com/database/vulnerability/wpseo-local/wordpress-yoast-seo-local-plugin-14-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •