cleantalk
Vulnerabilities and Security Researches

Yoast SEO, CVE-2018-19370

CVE, Research URL

CVE-2018-19370

Home page URL

Security reports for Yoast SEO

Application

Yoast SEO

Published on
Nov 29, 2018
Research Description
A Race condition vulnerability in unzip_file in admin/import/class-import-settings.php in the Yoast SEO (wordpress-seo) plugin before 9.2.0 for WordPress allows an SEO Manager to perform command execution on the Operating System via a ZIP import.
Affected versions
Min -, max 9.2.0.
Status
vulnerable
Previous vulnerability researches
Yoast SEO , Sep 02, 2024
Yoast SEO (CVE-2015-2293) , Jun 07, 2024
Yoast SEO (CVE-2021-25118) , Jun 07, 2024
Yoast SEO (CVE-2021-24153) , Jun 07, 2024
Yoast SEO (CVE-2019-13478) , Jun 07, 2024
New vulnerability
Redis Object Cache , Sep 17, 2025
Zakra (CVE-2025-8595) , Sep 15, 2025
PDF Embedder , Sep 11, 2025
Pixeline's Email Protector (CVE-2025-58982) , Sep 11, 2025
Include Me (CVE-2025-58983) , Sep 11, 2025