CVE-2021-25118

The Yoast SEO WordPress plugin (from versions 16.7 until 17.2) discloses the full internal path of featured images in posts via the wp/v2/posts REST endpoints which could help an attacker identify other vulnerabilities or help during the exploitation of other identified vulnerabilities.
Configurations

Configuration 1 (hide)

cpe:2.3:a:yoast:yoast_seo:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 05:54

Type Values Removed Values Added
References () https://plugins.trac.wordpress.org/changeset/2608691 - Release Notes, Third Party Advisory () https://plugins.trac.wordpress.org/changeset/2608691 - Release Notes, Third Party Advisory
References () https://wpscan.com/vulnerability/2c3f9038-632d-40ef-a099-6ea202efb550 - Exploit, Third Party Advisory () https://wpscan.com/vulnerability/2c3f9038-632d-40ef-a099-6ea202efb550 - Exploit, Third Party Advisory

27 Oct 2022, 20:14

Type Values Removed Values Added
Summary The Yoast SEO WordPress plugin before 17.3 discloses the full internal path of featured images in posts via the wp/v2/posts REST endpoints which could help an attacker identify other vulnerabilities or help during the exploitation of other identified vulnerabilities. The Yoast SEO WordPress plugin (from versions 16.7 until 17.2) discloses the full internal path of featured images in posts via the wp/v2/posts REST endpoints which could help an attacker identify other vulnerabilities or help during the exploitation of other identified vulnerabilities.

08 Mar 2022, 16:29

Type Values Removed Values Added
References (MISC) https://wpscan.com/vulnerability/2c3f9038-632d-40ef-a099-6ea202efb550 - (MISC) https://wpscan.com/vulnerability/2c3f9038-632d-40ef-a099-6ea202efb550 - Exploit, Third Party Advisory
References (CONFIRM) https://plugins.trac.wordpress.org/changeset/2608691 - (CONFIRM) https://plugins.trac.wordpress.org/changeset/2608691 - Release Notes, Third Party Advisory
CVSS v2 : unknown
v3 : unknown
v2 : 5.0
v3 : 5.3
CPE cpe:2.3:a:yoast:yoast_seo:*:*:*:*:*:wordpress:*:*

28 Feb 2022, 09:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-02-28 09:15

Updated : 2024-11-21 05:54


NVD link : CVE-2021-25118

Mitre link : CVE-2021-25118

CVE.ORG link : CVE-2021-25118


JSON object : View

Products Affected

yoast

  • yoast_seo
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor