WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Yoast SEO

2021-10-05
Yoast SEO < 17.3 - Unauthenticated Full Path Disclosure
Fixed in version 17.3
2019-07-09
Yoast SEO 1.2.0-11.5 - Authenticated Stored XSS
Fixed in version 11.6
2018-11-20
Yoast SEO <= 9.1 - Authenticated Race Condition
Fixed in version 9.2
2017-11-15
Yoast SEO <= 5.7.1 - Authenticated Cross-Site Scripting (XSS)
Fixed in version 5.8
2016-08-02
Yoast SEO < 3.4.1 - Authenticated Stored Cross-Site Scripting (XSS)
Fixed in version 3.4.1
2016-06-14
Yoast SEO <= 3.2.5 - Unspecified Cross-Site Scripting (XSS)
Fixed in version 3.3.0
2016-05-06
Yoast SEO <= 3.2.4 - Subscriber Settings Sensitive Data Exposure
Fixed in version 3.2.5
2015-06-12
Yoast SEO <= 2.1.1 - Authenticated Stored DOM XSS
Fixed in version 2.2
2015-03-11
Yoast SEO <= 1.7.3.3 - Blind SQL Injection
Fixed in version 1.7.4
2014-08-01
Yoast SEO < 1.4.7 - Reset Settings Feature Access Restriction Bypass
Fixed in version 1.4.7
2014-08-01
Yoast SEO - Security issue which allowed any user to reset settings
Fixed in version 1.4.5