cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-4984,https://securityvulnerability.io/vulnerability/CVE-2024-4984,Yoast SEO Plugin Vulnerable to Stored Cross-Site Scripting,"The Yoast SEO plugin for WordPress has a vulnerability due to inadequate input sanitization and output escaping in the 'display_name' author meta. This flaw affects all versions up to and including 22.6, allowing authenticated users with contributor-level access or higher to inject arbitrary web scripts. When a user accesses a compromised page, these scripts can execute, potentially leading to data theft, site defacement, or further compromise of the WordPress installation. Addressing this vulnerability is essential for maintaining the integrity and security of WordPress sites utilizing this popular plugin.",Wordpress,Yoast Seo,6.4,MEDIUM,0.00044999999227002263,false,,true,false,false,,true,false,2024-05-16T02:02:35.901Z,4265
CVE-2024-4041,https://securityvulnerability.io/vulnerability/CVE-2024-4041,Yoast SEO Plugin Vulnerable to Reflected Cross-Site Scripting,"The Yoast SEO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URLs in all versions up to, and including, 22.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",Wordpress,Yoast Seo,6.1,MEDIUM,0.0004400000034365803,false,,false,false,false,,false,false,2024-05-14T15:42:00.000Z,0
CVE-2021-25118,https://securityvulnerability.io/vulnerability/CVE-2021-25118,Yoast SEO 16.7-17.2 - Unauthenticated Full Path Disclosure,The Yoast SEO WordPress plugin (from versions 16.7 until 17.2) discloses the full internal path of featured images in posts via the wp/v2/posts REST endpoints which could help an attacker identify other vulnerabilities or help during the exploitation of other identified vulnerabilities.,Wordpress,Yoast Seo,5.3,MEDIUM,0.001550000044517219,false,,false,false,false,,false,false,2022-02-28T09:06:38.000Z,0
CVE-2021-24153,https://securityvulnerability.io/vulnerability/CVE-2021-24153,Yoast SEO < 3.4.1 - Authenticated Stored Cross-Site Scripting (XSS),"A Stored Cross-Site Scripting vulnerability was discovered in the Yoast SEO WordPress plugin before 3.4.1, which had built-in blacklist filters which were blacklisting Parenthesis as well as several functions such as alert but bypasses were found.",Wordpress,Yoast Seo,5.4,MEDIUM,0.0029800001066178083,false,,false,false,false,,false,false,2021-04-05T18:27:42.000Z,0
CVE-2019-13478,https://securityvulnerability.io/vulnerability/CVE-2019-13478,,The Yoast SEO plugin before 11.6-RC5 for WordPress does not properly restrict unfiltered HTML in term descriptions.,Wordpress,Yoast Seo,9.9,CRITICAL,0.00215000007301569,false,,false,false,false,,false,false,2019-07-09T23:15:00.000Z,0
CVE-2018-19370,https://securityvulnerability.io/vulnerability/CVE-2018-19370,,A Race condition vulnerability in unzip_file in admin/import/class-import-settings.php in the Yoast SEO (wordpress-seo) plugin before 9.2.0 for WordPress allows an SEO Manager to perform command execution on the Operating System via a ZIP import.,Wordpress,Yoast Seo,6.6,MEDIUM,0.019430000334978104,false,,false,false,false,,false,false,2018-11-28T22:00:00.000Z,0