Yoast SEO plugin before 11.6-RC5 Improper Input Validation Vulnerability

Summary

The Yoast SEO plugin before 11.6-RC5 for WordPress does not properly restrict unfiltered HTML in term descriptions.

Credit:

The information has been provided by Sybre Waaijer.

The original article can be found at:

https://wpvulndb.com/vulnerabilities/9445


Details

Yoast SEO 11.6 also fixes a security issue affecting term pages in WordPress: unfiltered code was allowed in some fields. This does not pose a problem for single-user sites, but in specific cases on multisite installs it might become an issue because of the way user roles function.
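
The capability check that this kind of issue turns on, as an added example (not Yoast's patch and not code from the original advisory). It is written as a WordPress must-use plugin and assumes a running WordPress install; the example_* function names are hypothetical.

```php
<?php
// Added illustration for a WordPress must-use plugin; not Yoast's code.
// All example_* names are hypothetical.

// Re-apply post-level HTML filtering to term descriptions on save for any
// user who lacks the unfiltered_html capability. On multisite, WordPress
// grants that capability to super admins only.
function example_filter_term_description( $description ) {
	if ( current_user_can( 'unfiltered_html' ) ) {
		return $description;
	}
	// pre_term_description receives slashed data; wp_filter_post_kses()
	// unslashes, applies the 'post' allowlist, and re-slashes.
	return wp_filter_post_kses( $description );
}
add_filter( 'pre_term_description', 'example_filter_term_description', 20 );

// Audit helper: return stored terms whose description would change under
// the 'post' allowlist. These are candidates for manual review, since kses
// also normalizes harmless markup.
function example_find_unfiltered_term_descriptions() {
	$flagged = array();
	$terms   = get_terms( array( 'hide_empty' => false ) );
	if ( is_wp_error( $terms ) ) {
		return $flagged;
	}
	foreach ( $terms as $term ) {
		if ( '' === $term->description ) {
			continue;
		}
		if ( wp_kses_post( $term->description ) !== $term->description ) {
			$flagged[] = array(
				'term_id'  => $term->term_id,
				'taxonomy' => $term->taxonomy,
				'name'     => $term->name,
			);
		}
	}
	return $flagged;
}
```

On a multisite network the audit helper only sees the terms of the site it is called on, so it has to be run once per site.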

Vulnerable Systems:

Yoast SEO plugin before 11.6-RC5

CVE Information:

CVE-2019-13478

Disclosure Timeline:

Published Date: 07/16/2019