Yoast SEO plugin before 11.6-RC5 Improper Input Validation Vulnerability


The Yoast SEO plugin before 11.6-RC5 for WordPress does not properly restrict unfiltered HTML in term descriptions.


The information has been provided by Sybre Waaijer.

The original article can be found at:




Yoast SEO 11.6 also fixes a security issue regarding term pages in WordPress. Unfiltered code was allowed in some fields. This, however, does not pose a problem for single user sites. In specific cases, on multisite installs, this might become an issue because of the way user roles function.
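The role issue comes down to WordPress's `unfiltered_html` capability, which on multisite is held only by super admins, so a site-level administrator's term descriptions are expected to pass through the kses allow-list. The following is an added example, not code from Yoast or from the original advisory: a small must-use plugin that re-applies that filtering on save and audits already-stored term descriptions. The `example_` function names and the `example-term-audit` command are hypothetical, and the choice of the post-content allow-list is an assumption.

```php
<?php
/**
 * Plugin Name: Term description KSES guard (added example)
 * Added example for this advisory, not Yoast's code. Names prefixed
 * "example_" are hypothetical.
 */

// Mitigation: re-filter term descriptions on save for any user who lacks
// the unfiltered_html capability (on multisite, only super admins have it).
add_filter( 'pre_term_description', 'example_filter_term_description', 99 );

function example_filter_term_description( $description ) {
	if ( current_user_can( 'unfiltered_html' ) ) {
		return $description;
	}
	// pre_term_description receives slashed data; wp_filter_post_kses()
	// unslashes, applies the post-content allow-list, and re-slashes.
	return wp_filter_post_kses( $description );
}

// Audit: list stored term descriptions that the allow-list would change.
function example_find_unfiltered_term_descriptions() {
	$hits  = array();
	$terms = get_terms( array(
		'taxonomy'   => array_values( get_taxonomies() ),
		'hide_empty' => false,
	) );
	if ( is_wp_error( $terms ) ) {
		return $hits;
	}
	foreach ( $terms as $term ) {
		// A difference means markup outside the allow-list (or markup that
		// kses normalises); treat each hit as "review", not as proof.
		if ( wp_kses_post( $term->description ) !== $term->description ) {
			$hits[] = array( $term->term_id, $term->taxonomy, $term->name );
		}
	}
	return $hits;
}

if ( defined( 'WP_CLI' ) && WP_CLI ) {
	WP_CLI::add_command( 'example-term-audit', function () {
		foreach ( example_find_unfiltered_term_descriptions() as $hit ) {
			WP_CLI::warning( vsprintf( 'term %d (%s) "%s" needs review', $hit ) );
		}
		WP_CLI::success( 'Term description audit finished.' );
	} );
}
```

On multisite, run the audit once per site using WP-CLI's `--url` parameter, since terms are stored per site.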

Vulnerable Systems:

Yoast SEO plugin before 11.6-RC5

CVE Information:


Disclosure Timeline:
Published Date: 07/16/2019