CVE-2026-3427

Name of the Vulnerable Software and Affected Versions Yoast SEO – Advanced SEO with real-time guidance and built-in AI plugin for WordPress versions prior to 27.1.2

Description The Yoast SEO plugin for WordPress is susceptible to Stored Cross-Site Scripting due to inadequate input sanitization and output escaping. This allows authenticated attackers with Contributor-level access or higher to inject malicious web scripts into pages. When a user accesses an injected page, the scripts will execute. The vulnerability resides in the jsonText block attribute.

Recommendations Versions prior to 27.1.2 should be updated.