Yoast SEO 16.7-17.2 - Unauthenticated Full Path Disclosure

The Yoast SEO WordPress plugin (from versions 16.7 until 17.2) discloses the full internal path of featured images in posts via the wp/v2/posts REST endpoints which could help an attacker identify other vulnerabilities or help during the exploitation of other identified vulnerabilities.

N/A

信息暴露

WordPress plugin Yoast SEO 信息泄露漏洞

WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress plugin Yoast SEO 17.3之前版本存在信息泄露漏洞，该漏洞源于插件通过wp/v2/posts REST端点公开了帖子中特色图片的完整内部路径，这可以帮助攻击者识别其他漏洞，或在攻击其他已识别漏洞的过程中提供帮助。

N/A

N/A