Yoast SEO

Wordfence Intelligence   >   Vulnerability Database   >   WordPress Plugins   >   Yoast SEO

Information

Software Type Plugin
Software Slug wordpress-seo (view on wordpress.org)
Software Status Active
Software Author yoast
Software Website yoa.st
Software Downloads 661,567,758
Software Active Installs 5,000,000
Software Record Last Updated April 16, 2024

14 Vulnerabilities

Yoast SEO <= 21.0 - Authenticated (Seo Manager+) Stored Cross-Site Scripting
5.5
CVE-2023-40680
Nov 24, 2023
Researcher: Rafie Muhammad
Yoast SEO <= 20.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE ID Unknown
Mar 2, 2023
Researcher: Leonidas Milosis
Yoast SEO <= 17.2 - Full Path Disclosure
5.3
CVE-2021-25118
Oct 5, 2021
Researcher: Fariq Fadillah Gusti Insani (fariqfgi)
Yoast SEO <= 11.5 - Authenticated Stored Cross Site Scripting
6.4
CVE-2019-13478
Jul 9, 2019
Researcher: Sybre Waaijer
Yoast SEO <= 9.1.0 - Race Condition to Remote Code Execution
6.6
CVE-2018-19370
Nov 6, 2018
Researchers:
Yoast SEO <= 5.7.1 - Reflected Cross-Site Scripting
6.1
CVE-2017-16842
Nov 22, 2017
Researcher: Elias Dimopoulos
Yoast SEO <= 3.4.0 - Authenticated Stored Cross-Site Scripting
5.4
CVE-2021-24153
Aug 2, 2016
Researcher: Hammad Shamsi
Yoast SEO <= 3.2.5 - Cross-Site Scripting
4.7
CVE ID Unknown
Jun 14, 2016
Researchers:
Yoast SEO <= 3.2.4 - Sensitive Data Exposure
5.3
CVE ID Unknown
May 6, 2016
Researcher: Panagiotis Vagenas
Yoast SEO <= 2.0.1 - Reflected Cross-Site Scripting
6.1
CVE ID Unknown
Apr 20, 2015
Researchers:
Yoast SEO <= 1.7.3.3 - Blind SQL Injection
8.8
CVE-2015-2292
Mar 11, 2015
Researcher: Ryan Dewhurst
Yoast SEO <= 1.7.3.3 - Cross-Site Request Forgery
7.5
CVE-2015-2293
Mar 10, 2015
Researcher: Ryan Dewhurst
Yoast SEO <= 1.4.6 - Missing Authorization
6.5
CVE ID Unknown
Aug 1, 2014
Researchers:
Yoast SEO <= 2.1.1 - Cross Site Scripting via post_title parameter
6.1
CVE-2012-6692
Oct 31, 2012
Researchers:
Title CVE ID CVSS Researchers Date
Yoast SEO <= 21.0 - Authenticated (Seo Manager+) Stored Cross-Site Scripting CVE-2023-40680 5.5 Rafie Muhammad November 24, 2023
Yoast SEO <= 20.2 - Authenticated (Contributor+) Stored Cross-Site Scripting 6.4 Leonidas Milosis March 2, 2023
Yoast SEO <= 17.2 - Full Path Disclosure CVE-2021-25118 5.3 Fariq Fadillah Gusti Insani (fariqfgi) October 5, 2021
Yoast SEO <= 11.5 - Authenticated Stored Cross Site Scripting CVE-2019-13478 6.4 Sybre Waaijer July 9, 2019
Yoast SEO <= 9.1.0 - Race Condition to Remote Code Execution CVE-2018-19370 6.6 November 6, 2018
Yoast SEO <= 5.7.1 - Reflected Cross-Site Scripting CVE-2017-16842 6.1 Elias Dimopoulos November 22, 2017
Yoast SEO <= 3.4.0 - Authenticated Stored Cross-Site Scripting CVE-2021-24153 5.4 Hammad Shamsi August 2, 2016
Yoast SEO <= 3.2.5 - Cross-Site Scripting 4.7 June 14, 2016
Yoast SEO <= 3.2.4 - Sensitive Data Exposure 5.3 Panagiotis Vagenas May 6, 2016
Yoast SEO <= 2.0.1 - Reflected Cross-Site Scripting 6.1 April 20, 2015
Yoast SEO <= 1.7.3.3 - Blind SQL Injection CVE-2015-2292 8.8 Ryan Dewhurst March 11, 2015
Yoast SEO <= 1.7.3.3 - Cross-Site Request Forgery CVE-2015-2293 7.5 Ryan Dewhurst March 10, 2015
Yoast SEO <= 1.4.6 - Missing Authorization 6.5 August 1, 2014
Yoast SEO <= 2.1.1 - Cross Site Scripting via post_title parameter CVE-2012-6692 6.1 October 31, 2012

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation