CVE-2026-1293

Name of the Vulnerable Software and Affected Versions Yoast SEO versions prior to 26.9

Description The Yoast SEO plugin for WordPress is affected by a Stored Cross-Site Scripting issue. Insufficient input sanitization and output escaping in the yoast-schema block attribute allows authenticated attackers with Contributor-level access or higher to inject arbitrary web scripts into pages. These scripts will execute when a user accesses the affected page.

Recommendations Update Yoast SEO to version 26.9 or later.