
cpe:2.3:a:yoast:yoast_seo:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

Vendor: Yoast (73453df7-06f9-5a08-ba8b-ba3ccdcb48d1)
Product: Yoast Seo (6f5476ad-2cc2-5d78-9c00-ec2e19b63ced)
Edition: *
Language: *
Software edition: *
Target software: wordpress
Target hardware: *
Other: *
Notes: Imported from purl2cpe mapping

PURL mappings

PURL | Source | Last updated
pkg:github/yoast/yoast-seo-for-typo3 | purl2cpe | 2026-06-01 10:11:32.309454

Vulnerability references

Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale
CVE:CVE-2023-40680 vulnerable 2026-06-08 06:11:04.214084 WordPress Yoast SEO Plugin <= 21.0 is vulnerable to Cross Site Scripting (XSS)
MEDIUM (5.9)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Team Yoast Yoast SEO allows Stored XSS. This issue affects Yoast SEO: from n/a through 21.0.
Published: 2023-11-30T12:21:54.791Z
Updated: 2026-04-28T16:08:37.206Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-32300 vulnerable 2026-06-08 06:04:45.461043 WordPress Yoast SEO: Local Plugin <= 14.8 is vulnerable to Cross Site Scripting (XSS)
HIGH (7.1)
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Yoast Yoast SEO: Local plugin <= 14.8 versions.
Published: 2023-08-23T14:12:36.529Z
Updated: 2026-04-28T16:08:22.797Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-28785 vulnerable 2026-06-08 06:02:35.737965 WordPress Yoast SEO: Local Plugin <= 14.9 is vulnerable to Cross Site Scripting (XSS)
MEDIUM (6.5)
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Yoast Yoast SEO: Local plugin <= 14.9 versions.
Published: 2023-05-28T18:47:17.763Z
Updated: 2026-04-28T16:08:16.781Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-28775 vulnerable 2026-06-08 06:02:35.712182 WordPress Yoast SEO Premium plugin <= 20.4 - Unauthenticated Zapier API Key Reset vulnerability
MEDIUM (5.3)
Missing Authorization vulnerability in Yoast Yoast SEO Premium. This issue affects Yoast SEO Premium: from n/a through 20.4.
Published: 2024-06-11T09:16:19.210Z
Updated: 2026-04-28T16:08:16.577Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-25118 vulnerable 2026-06-08 05:30:39.998721 Yoast SEO 16.7-17.2 - Unauthenticated Full Path Disclosure
The Yoast SEO WordPress plugin (from versions 16.7 until 17.2) discloses the full internal path of featured images in posts via the wp/v2/posts REST endpoints which could help an attacker identify other vulnerabilities or help during the exploitation of other identified vulnerabilities.
Published: 2022-02-28T09:06:38.000Z
Updated: 2024-08-03T19:56:10.582Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-24153 vulnerable 2026-06-08 05:30:03.877768 Yoast SEO < 3.4.1 - Authenticated Stored Cross-Site Scripting (XSS)
A Stored Cross-Site Scripting vulnerability was discovered in the Yoast SEO WordPress plugin before 3.4.1, which had built-in blacklist filters that were blacklisting parentheses as well as several functions such as alert, but bypasses were found.
Published: 2021-04-05T18:27:42.000Z
Updated: 2024-08-03T19:21:18.410Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-13478 vulnerable 2026-06-08 05:12:42.296228 Details available
CRITICAL (9.9)
The Yoast SEO plugin before 11.6-RC5 for WordPress does not properly restrict unfiltered HTML in term descriptions.
Published: 2019-07-09T22:35:20.000Z
Updated: 2024-08-04T23:57:39.408Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2018-19370 vulnerable 2026-06-08 05:11:15.692968 Details available
A Race condition vulnerability in unzip_file in admin/import/class-import-settings.php in the Yoast SEO (wordpress-seo) plugin before 9.2.0 for WordPress allows an SEO Manager to perform command execution on the Operating System via a ZIP import.
Published: 2018-11-28T22:00:00.000Z
Updated: 2024-08-05T11:37:11.096Z
Imported from gcve-enriched-dumps CVE data
