WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Yoast SEO 16.7-17.2 - Unauthenticated Full Path Disclosure

Description

The plugin (from versions 16.7 until 17.2) discloses the full internal path of featured images in posts via the wp/v2/posts REST endpoints which could help an attacker identify other vulnerabilities or help during the exploitation of other identified vulnerabilities.

Proof of Concept

Put a featured image in a post, then execute 

curl -s 'https://example.com/wp-json/wp/v2/posts?per_page=1' | jq '.[0].yoast_head_json.og_image[0].path'

Affects Plugins

wordpress-seo
Fixed in version 17.3

References

CVE
CVE-2021-25118
URL
https://plugins.trac.wordpress.org/changeset/2608691

Classification

Type

FPD

OWASP top 10
A6: Security Misconfiguration
CWE
CWE-200

Miscellaneous

Original Researcher

Fariq Fadillah Gusti Insani

Submitter

Fariq Fadillah Gusti Insani

Submitter website
https://fariqfgi.medium.com/
Submitter twitter
fariqfgi
Verified

Yes

WPVDB ID
2c3f9038-632d-40ef-a099-6ea202efb550

Timeline

Publicly Published

2021-10-05 (about 1 years ago)

Added

2022-02-23 (about 1 years ago)

Last Updated

2022-09-08 (about 6 months ago)

Our Other Services

WPScan WordPress Security Plugin