Yoast SEO < 3.4.1 - Authenticated Stored Cross-Site Scripting (XSS)

Description

A stored XSS scripting vulnerability was discovered in the plugin, which had built-in blacklist filters which were blacklisting Parenthesis as well as several functions such as alert but bypasses were found.

Affects Plugins

wordpress-seo

Fixed in version 3.4.1✓

References

CVE

CVE-2021-24153

URL

https://plugins.trac.wordpress.org/changeset/1466243/wordpress-seo

URL

https://packetstormsecurity.com/files/138192/

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

Miscellaneous

Original Researcher

Hammad Shamsi

Submitter

Anonymous

Verified

WPVDB ID

77810044-394d-4314-b9a1-20c7dca726dc

Timeline

Publicly Published

2016-08-02 (about 5 years ago)

Added

2016-08-03 (about 5 years ago)

Last Updated

2021-04-05 (about 6 months ago)

Our Other Services

WPScan WordPress Security Plugin