ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Yoast SEO plugin <= 9.1.0 - Authenticated Command Execution vulnerability

Product
Yoast SEO
Description
Authenticated Command Execution vulnerability found by Dimopoulos Elias in WordPress Yoast SEO plugin (versions <= 9.1).
Solution
Update the WordPress Yoast SEO plugin to the latest available version (at least 9.2.0).
Classification
Type Unknown
OWASP Top 10 A7: Missing Function Level Access Control
References
Plugin changelog
CVE
Name CVE-N/A
Versions
Affected In <= 9.1.0
Fixed In 9.2.0
Disclosure date
2018-11-20
Credits
Dimopoulos Elias
Submitter
ThreatPress