cleantalk
Vulnerabilities and Security Researches

Yoast SEO, CVE-2024-4041

CVE, Research URL

CVE-2024-4041

Home page URL

Security reports for Yoast SEO

Application

Yoast SEO

Published on
May 14, 2024
Research Description
The Yoast SEO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URLs in all versions up to, and including, 22.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions
Min -, max 22.6.
Status
vulnerable
Previous vulnerability researches
Yoast SEO , Sep 02, 2024
Yoast SEO (CVE-2015-2293) , Jun 07, 2024
Yoast SEO (CVE-2021-25118) , Jun 07, 2024
Yoast SEO (CVE-2021-24153) , Jun 07, 2024
Yoast SEO (CVE-2019-13478) , Jun 07, 2024
New vulnerability
Redis Object Cache , Sep 17, 2025
Zakra (CVE-2025-8595) , Sep 15, 2025
PDF Embedder , Sep 11, 2025
Pixeline's Email Protector (CVE-2025-58982) , Sep 11, 2025
Include Me (CVE-2025-58983) , Sep 11, 2025