CVE-2021-25118
N/A
N/A
Summary
The Yoast SEO WordPress plugin (from versions 16.7 until 17.2) discloses the full internal path of featured images in posts via the wp/v2/posts REST endpoints which could help an attacker identify other vulnerabilities or help during the exploitation of other identified vulnerabilities.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Unknown | Yoast SEO | 16.7 < 16.7* | affected |
| Unknown | Yoast SEO | 17.3 < 17.3 | affected |
Weaknesses
- CWE-200: CWE-200 Information Exposure
ADP Enrichment
CVE Program Container
Additional References
- https://wpscan.com/vulnerability/2c3f9038-632d-40ef-a099-6ea202efb550
- https://plugins.trac.wordpress.org/changeset/2608691
References
- https://wpscan.com/vulnerability/2c3f9038-632d-40ef-a099-6ea202efb550
- https://plugins.trac.wordpress.org/changeset/2608691
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.