The Yoast SEO WordPress plugin (from versions 16.7 until 17.2) discloses the full internal path of featured images in posts via the wp/v2/posts REST endpoints which could help an attacker identify other vulnerabilities or help during the exploitation of other identified vulnerabilities.
References
Link | Resource |
---|---|
https://plugins.trac.wordpress.org/changeset/2608691 | Release Notes Third Party Advisory |
https://wpscan.com/vulnerability/2c3f9038-632d-40ef-a099-6ea202efb550 | Exploit Third Party Advisory |
https://plugins.trac.wordpress.org/changeset/2608691 | Release Notes Third Party Advisory |
https://wpscan.com/vulnerability/2c3f9038-632d-40ef-a099-6ea202efb550 | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 05:54
Type | Values Removed | Values Added |
---|---|---|
References | () https://plugins.trac.wordpress.org/changeset/2608691 - Release Notes, Third Party Advisory | |
References | () https://wpscan.com/vulnerability/2c3f9038-632d-40ef-a099-6ea202efb550 - Exploit, Third Party Advisory |
27 Oct 2022, 20:14
Type | Values Removed | Values Added |
---|---|---|
Summary | The Yoast SEO WordPress plugin (from versions 16.7 until 17.2) discloses the full internal path of featured images in posts via the wp/v2/posts REST endpoints which could help an attacker identify other vulnerabilities or help during the exploitation of other identified vulnerabilities. |
08 Mar 2022, 16:29
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://wpscan.com/vulnerability/2c3f9038-632d-40ef-a099-6ea202efb550 - Exploit, Third Party Advisory | |
References | (CONFIRM) https://plugins.trac.wordpress.org/changeset/2608691 - Release Notes, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 5.3 |
CPE | cpe:2.3:a:yoast:yoast_seo:*:*:*:*:*:wordpress:*:* |
28 Feb 2022, 09:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-02-28 09:15
Updated : 2024-11-21 05:54
NVD link : CVE-2021-25118
Mitre link : CVE-2021-25118
CVE.ORG link : CVE-2021-25118
JSON object : View
Products Affected
yoast
- yoast_seo
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor