WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Yoast SEO <= 5.7.1 - Authenticated Cross-Site Scripting (XSS)

Description

Cross-site scripting (XSS) vulnerability in admin/google_search_console/class-gsc-table.php in the Yoast SEO plugin before 5.8.0 for WordPress allows remote attackers to inject arbitrary web script or HTML.

Affects Plugins

wordpress-seo
Fixed in version 5.8

References

CVE
CVE-2017-16842
URL
https://plugins.trac.wordpress.org/changeset/1766831/wordpress-seo/trunk/admin/google_search_console/class-gsc-table.php
URL
https://packetstormsecurity.com/files/145080/

Classification

Type

XSS

OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Submitter

ethicalhack3r

Submitter twitter
ethicalhack3r
Verified

No

WPVDB ID
41e0aa47-f2f6-4f64-a95e-ed5c884bfe9e

Timeline

Publicly Published

2017-11-15 (about 4 years ago)

Added

2017-11-16 (about 4 years ago)

Last Updated

2020-09-22 (about 1 years ago)

Our Other Services

WPScan WordPress Security Plugin