Yoast

Yoast Seo

16 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.5

CVE-2026-40722

  • EPSS 0.19%
  • Veröffentlicht 17.06.2026 08:40:37
  • Zuletzt bearbeitet 17.06.2026 08:40:37

Missing Authorization vulnerability in Yoast BV Yoast SEO Premium allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Yoast SEO Premium: from n/a through 26.6.

4.3

CVE-2025-14481

  • EPSS 0.29%
  • Veröffentlicht 27.05.2026 04:28:59
  • Zuletzt bearbeitet 27.05.2026 14:50:47

The Yoast SEO plugin for WordPress is vulnerable to Insecure Direct Object References in all versions up to, and including, 26.5. This is due to insufficient authorization checks in the Meta Search REST API endpoint that fail to verify post ownership...

6.4

CVE-2026-3427

  • EPSS 0.19%
  • Veröffentlicht 22.03.2026 03:26:35
  • Zuletzt bearbeitet 24.04.2026 16:32:53

The Yoast SEO – Advanced SEO with real-time guidance and built-in AI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the `jsonText` block attribute in all versions up to, and including, 27.1.1 due to insufficient input sanit...

6.4

CVE-2026-1293

  • EPSS 0.19%
  • Veröffentlicht 06.02.2026 11:21:30
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The Yoast SEO – Advanced SEO with real-time guidance and built-in AI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the `yoast-schema` block attribute in all versions up to, and including, 26.8 due to insufficient input san...

5.3

CVE-2023-28775

  • EPSS 0.35%
  • Veröffentlicht 11.06.2024 10:15:11
  • Zuletzt bearbeitet 21.11.2024 07:55:59

Missing Authorization vulnerability in Yoast Yoast SEO Premium.This issue affects Yoast SEO Premium: from n/a through 20.4.

6.4

CVE-2024-4984

  • EPSS 0.63%
  • Veröffentlicht 16.05.2024 02:15:09
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The Yoast SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘display_name’ author meta in all versions up to, and including, 22.6 due to insufficient input sanitization and output escaping. This makes it possible for authe...

6.1

CVE-2024-4041

  • EPSS 0.83%
  • Veröffentlicht 14.05.2024 15:42:45
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The Yoast SEO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URLs in all versions up to, and including, 22.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

4.8

CVE-2023-40680

  • EPSS 0.43%
  • Veröffentlicht 30.11.2023 13:15:07
  • Zuletzt bearbeitet 28.04.2026 19:21:13

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Team Yoast Yoast SEO allows Stored XSS.This issue affects Yoast SEO: from n/a through 21.0.

6.1

CVE-2023-32300

  • EPSS 0.38%
  • Veröffentlicht 23.08.2023 15:15:08
  • Zuletzt bearbeitet 21.11.2024 08:03:04

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Yoast Yoast SEO: Local plugin <= 14.8 versions.

5.4

CVE-2023-28785

  • EPSS 0.37%
  • Veröffentlicht 28.05.2023 19:15:09
  • Zuletzt bearbeitet 21.11.2024 07:56:00

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Yoast Yoast SEO: Local plugin <= 14.9 versions.