Description

WordPress Plugin Yoast SEO is prone to an information disclosure vulnerability. Attackers can exploit this issue to disclose plugin settings and post metadata relative to focus and terms keywords. WordPress Plugin Yoast SEO version 3.2.4 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 3.2.5 or latest

References

https://www.wordfence.com/blog/2016/05/yoast-seo-vulnerability/

https://www.pluginvulnerabilities.com/2016/05/11/information-disclosure-vulnerability-in-yoast-seo/

https://wordpress.org/plugins/wordpress-seo/changelog/

Related Vulnerabilities

Joomla! Core Security Bypass (2.5.0 - 3.9.19)

LimeSurvey Incorrect Default Permissions Vulnerability (CVE-2019-16183)

WordPress Plugin Admin Management Xtended Privilege Escalation (2.4.0)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-3553)

Werkzeug WSGI Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2023-25577)

Severity

High

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Information Disclosure