CVE-2025-11241

Name of the Vulnerable Software and Affected Versions Yoast SEO Premium plugin for WordPress versions 25.7 through 25.9

Description The software is susceptible to a Stored Cross-Site Scripting issue stemming from a flawed regular expression used to remove an attribute within post content. This flaw enables the injection of arbitrary HTML attributes, including JavaScript event handlers. A user with Contributor access or higher can exploit this to create a post containing a malicious JavaScript payload.

Recommendations Update to a version beyond 25.9.