Yoast SEO – Advanced SEO with real-time guidance and built-in AI WordPress Plugin Security Vulnerabilities | WPScan

14

January 7, 2026

10000000

Published

2024-05-14

Title

Yoast SEO < 22.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

Fixed in

Fixed in 22.7

CVSS

6.4 (medium)

Published

2024-05-06

Title

Yoast SEO < 22.6 - Reflected Cross-Site Scripting

Fixed in

Fixed in 22.6

CVSS

6.1 (medium)

Published

2023-11-24

Title

Yoast SEO < 21.1 - Authenticated (Seo Manager+) Stored Cross-Site Scripting

Fixed in

Fixed in 21.1

CVSS

5.5 (medium)

Published

2021-10-05

Title

Yoast SEO 16.7-17.2 - Unauthenticated Full Path Disclosure

Fixed in

Fixed in 17.3

CVSS

0.0 (none)

Published

2019-07-09

Title

Yoast SEO 1.2.0-11.5 - Authenticated Stored XSS

Fixed in

Fixed in 11.6

CVSS

9.8 (critical)

Published

2018-11-20

Title

Yoast SEO <= 9.1 - Authenticated Race Condition

Fixed in

Fixed in 9.2

CVSS

6.6 (medium)

Published

2017-11-15

Title

Yoast SEO < 5.8 - Authenticated Cross-Site Scripting (XSS)

Fixed in

Fixed in 5.8

CVSS

4.8 (medium)

Published

2016-08-02

Title

Yoast SEO < 3.4.1 - Authenticated Stored Cross-Site Scripting (XSS)

Fixed in

Fixed in 3.4.1

CVSS

4.8 (medium)

Published

2016-06-14

Title

Yoast SEO < 3.3.0 - Unspecified Cross-Site Scripting (XSS)

Fixed in

Fixed in 3.3.0

CVSS

n/a

Published

2016-05-06

Title

Yoast SEO <= 3.2.4 - Subscriber Settings Sensitive Data Exposure

Fixed in

Fixed in 3.2.5

CVSS

n/a

Published

2015-06-12

Title

Yoast SEO < 2.2 - Authenticated Stored DOM XSS

Fixed in

Fixed in 2.2

CVSS

n/a

Published

2015-03-11

Title

Yoast SEO < 1.7.4 - Blind SQL Injection

Fixed in

Fixed in 1.7.4

CVSS

n/a

Published

2014-08-01

Title

Yoast SEO < 1.4.7 - Reset Settings Feature Access Restriction Bypass

Fixed in

Fixed in 1.4.7

CVSS

n/a

Published

2014-08-01

Title

Yoast SEO - Security issue which allowed any user to reset settings

Fixed in

Fixed in 1.4.5

CVSS

n/a