ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Yoast SEO plugin <=5.7.1 - Unauthenticated Cross-Site Scripting (XSS) vulnerability

Product
Yoast SEO
Description
Unauthenticated Cross-Site Scripting (XSS) vulnerability found in WordPress Yoast SEO plugin (versions <=5.7.1). Vulnerability found in "admin/google_search_console/class-gsc-table.php" of the WordPress Yoast SEO plugin versions before version 5.8.0, and it allows remote attackers to inject arbitrary web script or HTML.
Solution
Update the WordPress Yoast SEO plugin to the latest available version (at least 5.8.0).
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
Plugin changelog
CVE
Name CVE-N/A
Versions
Affected In <=5.7.1
Fixed In 5.8.0
Disclosure date
2017-11-20
Submitter
ThreatPress