CVE-2021-24153
Yoast SEO < 3.4.1 - Authenticated Stored Cross-Site Scripting (XSS)
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
A Stored Cross-Site Scripting vulnerability was discovered in the Yoast SEO WordPress plugin before 3.4.1, which had built-in blacklist filters which were blacklisting Parenthesis as well as several functions such as alert but bypasses were found.
Se detectó una vulnerabilidad de tipo Cross-Site Scripting Almacenado en el plugin Yoast SEO WordPress versiones anteriores a 3.4.1, que tenía filtros de lista negra incorporados que incluían paréntesis en la lista negra, así como varias funciones como alertas pero se encontraron omisiones
A Stored Cross-Site Scripting vulnerability was discovered in the Yoast SEO WordPress plugin before 3.4.1, which had built-in blacklist filters which were blacklisting parentheses as well as several functions such as alert, but bypasses were found.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-08-02 CVE Published
- 2021-01-14 CVE Reserved
- 2024-07-22 EPSS Updated
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| https://plugins.trac.wordpress.org/changeset/1466243/wordpress-seo | Third Party Advisory | |
| https://wpscan.com/vulnerability/77810044-394d-4314-b9a1-20c7dca726dc | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://packetstormsecurity.com/files/138192 | 2024-08-03 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|