Vulnerabilities > CVE-2021-25118 - Unspecified vulnerability in Yoast SEO

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

yoast

NVD

Published: 2022-02-28

Updated: 2024-11-21

Summary

The Yoast SEO WordPress plugin (from versions 16.7 until 17.2) discloses the full internal path of featured images in posts via the wp/v2/posts REST endpoints which could help an attacker identify other vulnerabilities or help during the exploitation of other identified vulnerabilities.

Vulnerable Configurations

Part	Description	Count
Application	Yoast Yoast Yoast SEO 16.7 Yoast Yoast SEO 16.8 Yoast Yoast SEO 16.9 Yoast Yoast SEO 17.0 Yoast Yoast SEO 17.1 Yoast Yoast SEO 17.2 Yoast Yoast SEO 17.2.1	7

References

https://plugins.trac.wordpress.org/changeset/2608691
https://plugins.trac.wordpress.org/changeset/2608691
https://wpscan.com/vulnerability/2c3f9038-632d-40ef-a099-6ea202efb550
https://wpscan.com/vulnerability/2c3f9038-632d-40ef-a099-6ea202efb550