Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Yoast — Vulnerabilities & Security Advisories 10

Browse all 10 CVE security advisories affecting Yoast. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by Yoast:Yoast SEO – Advanced SEO with real-time guidance and built-in AIYoast SEO: LocalYoast Local PremiumYoast SEO PremiumDuplicate-PostYoast Duplicate Post
CVE IDTitleCVSSSeverityPublished
CVE-2026-3427 Yoast SEO <= 27.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'jsonText' Block Attribute — Yoast SEO – Advanced SEO with real-time guidance and built-in AICWE-79 6.4 Medium2026-03-22
CVE-2026-1217 Yoast Duplicate Post <= 4.5 - Authenticated (Contributor+) Missing Authorization to Arbitrary Post Duplication and Overwrite — Yoast Duplicate PostCWE-862 5.4 Medium2026-03-18
CVE-2019-25314 Duplicate-Post 3.2.3 - Persistent Cross-Site Scripting — Duplicate-Post 5.5 Medium2026-02-11
CVE-2026-1293 Yoast SEO <= 26.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'yoast-schema' Block Attribute — Yoast SEO – Advanced SEO with real-time guidance and built-in AICWE-79 6.4 Medium2026-02-06
CVE-2023-28775 WordPress Yoast SEO Premium plugin <= 20.4 - Unauthenticated Zapier API Key Reset vulnerability — Yoast SEO PremiumCWE-862 5.3 Medium2024-06-11
CVE-2024-4984 Yoast SEO <= 22.6 - Authenticated (Contributor+) Stored Cross-Site Scripting — Yoast SEO – Advanced SEO with real-time guidance and built-in AICWE-79 6.4 Medium2024-05-16
CVE-2024-4041 Yoast SEO <= 22.5 - Reflected Cross-Site Scripting — Yoast SEO – Advanced SEO with real-time guidance and built-in AICWE-79 6.1 Medium2024-05-09
CVE-2023-28780 WordPress Yoast SEO: Local Plugin <= 14.8 is vulnerable to Cross Site Request Forgery (CSRF) — Yoast Local PremiumCWE-352 6.5 Medium2023-11-18
CVE-2023-32300 WordPress Yoast SEO: Local Plugin <= 14.8 is vulnerable to Cross Site Scripting (XSS) — Yoast SEO: LocalCWE-79 7.1 High2023-08-23
CVE-2023-28785 WordPress Yoast SEO: Local Plugin <= 14.9 is vulnerable to Cross Site Scripting (XSS) — Yoast SEO: LocalCWE-79 6.5 Medium2023-05-28

This page lists every published CVE security advisory associated with Yoast. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.