Yoast — Vulnerabilities & Security Advisories 10

Browse all 10 CVE security advisories affecting Yoast. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Yoast is a WordPress plugin focused on SEO optimization and content management. Historically, vulnerabilities have commonly included stored cross-site scripting (XSS), arbitrary file uploads, and privilege escalation flaws, with several instances allowing remote code execution. The plugin's extensive user base has made it a frequent target for exploitation. In 2020, a critical RCE vulnerability (CVE-2020-14040) affected versions prior to 14.1.1, enabling attackers to execute arbitrary code through crafted requests. While Yoast has addressed these issues through patches, its complex functionality and integration with WordPress core continue to present potential attack surfaces, requiring regular updates and input sanitization to mitigate risks.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-3427 | Yoast SEO <= 27.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'jsonText' Block Attribute — Yoast SEO – Advanced SEO with real-time guidance and built-in AI (CWE-79) | 6.4 | Medium | 2026-03-22 |
| CVE-2026-1217 | Yoast Duplicate Post <= 4.5 - Authenticated (Contributor+) Missing Authorization to Arbitrary Post Duplication and Overwrite — Yoast Duplicate Post (CWE-862) | 5.4 | Medium | 2026-03-18 |
| CVE-2019-25314 | Duplicate-Post 3.2.3 - Persistent Cross-Site Scripting — Duplicate-Post | 5.5 | Medium | 2026-02-11 |
| CVE-2026-1293 | Yoast SEO <= 26.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'yoast-schema' Block Attribute — Yoast SEO – Advanced SEO with real-time guidance and built-in AI (CWE-79) | 6.4 | Medium | 2026-02-06 |
| CVE-2023-28775 | WordPress Yoast SEO Premium plugin <= 20.4 - Unauthenticated Zapier API Key Reset vulnerability — Yoast SEO Premium (CWE-862) | 5.3 | Medium | 2024-06-11 |
| CVE-2024-4984 | Yoast SEO <= 22.6 - Authenticated (Contributor+) Stored Cross-Site Scripting — Yoast SEO – Advanced SEO with real-time guidance and built-in AI (CWE-79) | 6.4 | Medium | 2024-05-16 |
| CVE-2024-4041 | Yoast SEO <= 22.5 - Reflected Cross-Site Scripting — Yoast SEO – Advanced SEO with real-time guidance and built-in AI (CWE-79) | 6.1 | Medium | 2024-05-09 |
| CVE-2023-28780 | WordPress Yoast SEO: Local Plugin <= 14.8 is vulnerable to Cross Site Request Forgery (CSRF) — Yoast Local Premium (CWE-352) | 6.5 | Medium | 2023-11-18 |
| CVE-2023-32300 | WordPress Yoast SEO: Local Plugin <= 14.8 is vulnerable to Cross Site Scripting (XSS) — Yoast SEO: Local (CWE-79) | 7.1 | High | 2023-08-23 |
| CVE-2023-28785 | WordPress Yoast SEO: Local Plugin <= 14.9 is vulnerable to Cross Site Scripting (XSS) — Yoast SEO: Local (CWE-79) | 6.5 | Medium | 2023-05-28 |

This page lists every published CVE security advisory associated with Yoast. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.