CVE-2021-25118 PoC — WordPress plugin Yoast SEO 信息泄露漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-25118.yaml

Associated Vulnerability

Title:WordPress plugin Yoast SEO 信息泄露漏洞 (CVE-2021-25118)
Description:WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress plugin Yoast SEO 17.3之前版本存在信息泄露漏洞，该漏洞源于插件通过wp/v2/posts REST端点公开了帖子中特色图片的完整内部路径，这可以帮助攻击者识别其他漏洞，或在攻击其他已识别漏洞的过程中提供帮助。

Description

Yoast SEO plugin 16.7 to 17.2 is susceptible to information disclosure, The plugin discloses the full internal path of featured images in posts via the wp/v2/posts REST endpoints, which can help an attacker identify other vulnerabilities or help during the exploitation of other identified vulnerabilities.

File Snapshot


 id: CVE-2021-25118

info:
  name: Yoast SEO 16.7-17.2 - Information Disclosure
  author: DhiyaneshDK

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!