Yoast SEO

Information

Software Type Plugin
Software Slug wordpress-seo (view on wordpress.org)
Software Status Active
Software Author yoast
Software Website yoa.st
Software Downloads 751,472,256
Software Active Installs 10,000,000
Software Record Last Updated December 18, 2024

16 Vulnerabilities

4.7
CVE ID Unknown
Jun 14, 2016
Researchers:
5.3
CVE ID Unknown
May 6, 2016
Researcher: Panagiotis Vagenas
6.1
CVE ID Unknown
Apr 20, 2015
Researchers:
6.5
CVE ID Unknown
Aug 1, 2014
Researchers:
Title Status CVE ID CVSS Researchers Date
Yoast SEO <= 22.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Patched CVE-2024-4984 6.4 rob006 May 14, 2024
Yoast SEO <= 22.5 - Reflected Cross-Site Scripting Patched CVE-2024-4041 6.1 Bassem Essam May 6, 2024
Yoast SEO <= 21.0 - Authenticated (Seo Manager+) Stored Cross-Site Scripting Patched CVE-2023-40680 5.5 Rafie Muhammad November 24, 2023
Yoast SEO <= 20.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Patched 6.4 Leonidas Milosis March 2, 2023
Yoast SEO <= 17.2 - Full Path Disclosure Patched CVE-2021-25118 5.3 Fariq Fadillah Gusti Insani (fariqfgi) October 5, 2021
Yoast SEO <= 11.5 - Authenticated Stored Cross Site Scripting Patched CVE-2019-13478 6.4 Sybre Waaijer July 9, 2019
Yoast SEO <= 9.1.0 - Race Condition to Remote Code Execution Patched CVE-2018-19370 6.6 November 6, 2018
Yoast SEO <= 5.7.1 - Reflected Cross-Site Scripting Patched CVE-2017-16842 6.1 Elias Dimopoulos November 22, 2017
Yoast SEO <= 3.4.0 - Authenticated Stored Cross-Site Scripting Patched CVE-2021-24153 5.4 Hammad Shamsi August 2, 2016
Yoast SEO <= 3.2.5 - Cross-Site Scripting Patched 4.7 June 14, 2016
Yoast SEO <= 3.2.4 - Sensitive Data Exposure Patched 5.3 Panagiotis Vagenas May 6, 2016
Yoast SEO <= 2.0.1 - Reflected Cross-Site Scripting Patched 6.1 April 20, 2015
Yoast SEO <= 1.7.3.3 - Blind SQL Injection Patched CVE-2015-2292 8.8 Ryan Dewhurst March 11, 2015
Yoast SEO <= 1.7.3.3 - Cross-Site Request Forgery Patched CVE-2015-2293 7.5 Ryan Dewhurst March 10, 2015
Yoast SEO <= 1.4.6 - Missing Authorization Patched 6.5 August 1, 2014
Yoast SEO <= 2.1.1 - Cross Site Scripting via post_title parameter Patched CVE-2012-6692 6.1 October 31, 2012

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation