Yoast SEO

Software Type	Plugin
Software Slug	wordpress-seo (view on wordpress.org)
Software Status	Active
Software Author	yoast
Software Website	yoa.st
Software Downloads	551,310,699
Software Active Installs	5,000,000
Software Record Last Updated	May 31, 2023

13 vulnerabilities

Yoast SEO <= 20.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE ID Unknown

Mar 2, 2023

Researcher: Leonidas Milosis

Yoast SEO <= 17.2 - Full Path Disclosure

5.3

CVE-2021-25118

Oct 5, 2021

Researcher: Fariq Fadillah Gusti Insani

Yoast SEO <= 11.5 - Authenticated Stored Cross Site Scripting

6.4

CVE-2019-13478

Jul 9, 2019

Researcher: Sybre Waaijer

Yoast SEO <= 9.1.0 - Race Condition to Remote Code Execution

6.6

CVE-2018-19370

Nov 6, 2018

Researchers:

Yoast SEO <= 5.7.1 - Reflected Cross-Site Scripting

6.1

CVE-2017-16842

Nov 22, 2017

Researcher: Elias Dimopoulos

Yoast SEO <= 3.4.0 - Authenticated Stored Cross-Site Scripting

5.4

CVE-2021-24153

Aug 2, 2016

Researcher: Hammad Shamsi

Yoast SEO <= 3.2.5 - Cross-Site Scripting

4.7

CVE ID Unknown

Jun 14, 2016

Researchers:

Yoast SEO <= 3.2.4 - Sensitive Data Exposure

5.3

CVE ID Unknown

May 6, 2016

Researcher: Panagiotis Vagenas

Yoast SEO <= 2.0.1 - Reflected Cross-Site Scripting

6.1

CVE ID Unknown

Apr 20, 2015

Researchers:

Yoast SEO <= 1.7.3.3 - Blind SQL Injection

8.8

CVE-2015-2292

Mar 11, 2015

Researcher: Ryan Dewhurst

Yoast SEO <= 1.7.3.3 - Cross-Site Request Forgery

7.5

CVE-2015-2293

Mar 10, 2015

Researcher: Ryan Dewhurst

Yoast SEO <= 1.4.6 - Missing Authorization

6.5

CVE ID Unknown

Aug 1, 2014

Researchers:

Yoast SEO <= 2.1.1 - Cross Site Scripting via post_title parameter

6.1

CVE-2012-6692

Oct 31, 2012

Researchers:

Title	CVE ID	CVSS	Researchers	Date
Yoast SEO <= 20.2 - Authenticated (Contributor+) Stored Cross-Site Scripting		6.4	Leonidas Milosis	March 2, 2023
Yoast SEO <= 17.2 - Full Path Disclosure	CVE-2021-25118	5.3	Fariq Fadillah Gusti Insani	October 5, 2021
Yoast SEO <= 11.5 - Authenticated Stored Cross Site Scripting	CVE-2019-13478	6.4	Sybre Waaijer	July 9, 2019
Yoast SEO <= 9.1.0 - Race Condition to Remote Code Execution	CVE-2018-19370	6.6		November 6, 2018
Yoast SEO <= 5.7.1 - Reflected Cross-Site Scripting	CVE-2017-16842	6.1	Elias Dimopoulos	November 22, 2017
Yoast SEO <= 3.4.0 - Authenticated Stored Cross-Site Scripting	CVE-2021-24153	5.4	Hammad Shamsi	August 2, 2016
Yoast SEO <= 3.2.5 - Cross-Site Scripting		4.7		June 14, 2016
Yoast SEO <= 3.2.4 - Sensitive Data Exposure		5.3	Panagiotis Vagenas	May 6, 2016
Yoast SEO <= 2.0.1 - Reflected Cross-Site Scripting		6.1		April 20, 2015
Yoast SEO <= 1.7.3.3 - Blind SQL Injection	CVE-2015-2292	8.8	Ryan Dewhurst	March 11, 2015
Yoast SEO <= 1.7.3.3 - Cross-Site Request Forgery	CVE-2015-2293	7.5	Ryan Dewhurst	March 10, 2015
Yoast SEO <= 1.4.6 - Missing Authorization		6.5		August 1, 2014
Yoast SEO <= 2.1.1 - Cross Site Scripting via post_title parameter	CVE-2012-6692	6.1		October 31, 2012

All the threat data shared in this database is powered by Wordfence Intelligence Enterprise.
Interested in integrating this data into your platform or network?
Contact us now to discuss API access to our Wordfence Intelligence Enterprise Data Feeds.

Inquire Now

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation

Yoast SEO

Information

13 vulnerabilities