WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Yoast SEO 1.2.0-11.5 - Authenticated Stored XSS

Description

The vendor's description, reference included below:

"Yoast SEO 11.6 also fixes a security issue regarding term pages in WordPress. Unfiltered code was allowed in some fields. This, however, does not pose a problem for single user sites. In specific cases, on multisite installs, this might become an issue because of the way user roles function."

Affects Plugins

wordpress-seo
Fixed in version 11.6
wordpress-seo-premium
Fixed in version 11.6

References

CVE
CVE-2019-13478
URL
https://gist.github.com/sybrew/2f53625104ee013d2f599ac254f635ee
URL
https://github.com/Yoast/wordpress-seo/pull/13221
URL
https://yoast.com/yoast-seo-11.6/

Classification

Type

XSS

OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher

Sybre Waaijer

Submitter

Sybre Waaijer

Submitter website
https://theseoframework.com/
Submitter twitter
SybreWaaijer
Verified

No

WPVDB ID
8bc4cf95-79f7-4d92-b320-a841ab7e6a6f

Timeline

Publicly Published

2019-07-09 (about 2 years ago)

Added

2019-07-10 (about 2 years ago)

Last Updated

2020-09-22 (about 1 years ago)

Our Other Services

WPScan WordPress Security Plugin