PT-2022-9672 · Yoast · Yoast Seo

Fariq Fadillah Gusti Insani · Published 2022-02-28 · Updated 2022-10-27 · CVE-2021-25118

CVSS v3.1: 5.3 Medium

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Yoast SEO WordPress plugin versions 16.7 through 17.2

Description

The issue discloses the full internal path of featured images in posts via the "wp/v2/posts" REST endpoints, which could help an attacker identify other vulnerabilities or assist in the exploitation of other identified vulnerabilities.

Recommendations

For versions 16.7 through 17.2, update to version 17.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the "wp/v2/posts" endpoint until the update is applied.
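
A check a site owner can run over a saved response from their own "wp/v2/posts" endpoint, for example after updating, added here as an example and not taken from the advisory or from Yoast: it walks the JSON and flags string values that are absolute filesystem paths rather than URLs. The sample response, its field names (`example_seo_meta`, `image`, `path`) and the list of path prefixes are constructed assumptions.

```python
import json
import re

# Assumed heuristic: common POSIX web roots or a Windows drive path at the
# start of the string. URLs and site-relative links do not match.
_FS_PATH = re.compile(r"^(?:/(?:var|home|srv|opt|usr|www|data)/|[A-Za-z]:[\\/])")


def find_path_leaks(node, trail=""):
    """Return (json_path, value) for every string that looks like a server path."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            hits += find_path_leaks(value, f"{trail}.{key}" if trail else key)
    elif isinstance(node, list):
        for i, value in enumerate(node):
            hits += find_path_leaks(value, f"{trail}[{i}]")
    elif isinstance(node, str) and _FS_PATH.match(node):
        hits.append((trail, node))
    return hits


def audit_posts_response(body):
    """Map post id -> leaked paths for a JSON array of posts (the endpoint's output)."""
    report = {}
    for post in json.loads(body):
        leaks = find_path_leaks(post)
        if leaks:
            report[post.get("id")] = leaks
    return report


# Constructed sample: post 101 exposes a filesystem path, post 102 only URLs.
SAMPLE_BODY = json.dumps([
    {"id": 101, "link": "https://example.test/2021/09/hello/",
     "example_seo_meta": {"image": [{
         "url": "https://example.test/wp-content/uploads/2021/09/cover.jpg",
         "path": "/var/www/html/wp-content/uploads/2021/09/cover.jpg"}]}},
    {"id": 102, "link": "https://example.test/2021/10/second/",
     "example_seo_meta": {"image": [{
         "url": "https://example.test/wp-content/uploads/2021/10/b.jpg"}]}},
])

if __name__ == "__main__":
    for post_id, leaks in audit_posts_response(SAMPLE_BODY).items():
        for where, value in leaks:
            print(f"post {post_id}: {where} = {value}")
```

An empty report on a real response only means none of the assumed prefixes matched; extend `_FS_PATH` to cover the server's actual document root.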

Exploit

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers: CVE-2021-25118

Affected Products: Yoast Seo