
Badconker

#51828 of 53,624
4.3 Total CVSS
Vulnerabilities · 1
PT-2015-3538
4.3
2015-06-17
Yoast · Wordpress Seo By Yoast · CVE-2012-6692
**Name of the Vulnerable Software and Affected Versions**

WordPress SEO by Yoast plugin versions prior to 2.2

**Description**

A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the `post title` parameter to "wp-admin/post-new.php". This is due to improper handling in the snippet preview functionality.

**Recommendations**

For WordPress SEO by Yoast plugin versions prior to 2.2, update to version 2.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the snippet preview functionality until the update is applied. Avoid using the `post title` parameter in the affected functionality until the issue is resolved.