Yoast SEO 1.2.0-11.5 - Authenticated Stored XSS



Description
The vendor's description (reference included below):

"Yoast SEO 11.6 also fixes a security issue regarding term pages in WordPress. Unfiltered code was allowed in some fields. This, however, does not pose a problem for single user sites. In specific cases, on multisite installs, this might become an issue because of the way user roles function."

Affects Plugins

fixed in version 11.6

References

CVE 2019-13478
URL https://gist.github.com/sybrew/2f53625104ee013d2f599ac254f635ee
URL https://github.com/Yoast/wordpress-seo/pull/13221
URL https://yoast.com/yoast-seo-11.6/

Classification

Type XSS
OWASP Top 10 A3: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Original Researcher Sybre Waaijer
Submitter Sybre Waaijer
Submitter Website https://theseoframework.com/
Submitter Twitter SybreWaaijer
Views 6769
Verified No
WPVDB ID 9445

Timeline

Publicly Published 2019-07-09 (15 days ago)
Added 2019-07-10 (13 days ago)
Last Updated 2019-07-10 (13 days ago)
