WordPress Plugin Vulnerabilities

Yoast SEO < 5.8 - Authenticated Cross-Site Scripting (XSS)

Description

Cross-site scripting (XSS) vulnerability in admin/google_search_console/class-gsc-table.php in the Yoast SEO plugin before 5.8.0 for WordPress allows remote attackers to inject arbitrary web script or HTML.

Affects Plugins

Plugin icon
wordpress-seo
Fixed in 5.8

References

CVE
CVE-2017-16842
URL
https://packetstormsecurity.com/files/#145080/
URL
https://plugins.trac.wordpress.org/changeset/1766831/wordpress-seo/trunk/admin/google_search_console/class-gsc-table.php

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
4.8 (medium)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
41e0aa47-f2f6-4f64-a95e-ed5c884bfe9e

Timeline

Publicly Published
2017-11-15 (about 8 years ago)
Added
2017-11-16 (about 8 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2023-03-20
Title
Store Locator WordPress < 1.4.10 - Editor+ Stored XSS
Published
2024-10-31
Title
Gmap Point List <= 1.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2023-12-05
Title
Smart External Link Click Monitor [Link Log] <= 5.0.2 - Reflected Cross-Site Scripting
Published
2023-04-24
Title
Tippy <= 6.2.1 - Contributor+ Stored XSS
Published
2024-03-14
Title
Premium Addons for Elementor (Free < 4.10.24, Pro < 2.9.14) - Contributor+ Stored XSS