QwikSec

Security Database

CVE

CWE

Training

CVE-2021-25118

Published: Feb 28, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

The Yoast SEO WordPress plugin (from versions 16.7 until 17.2) discloses the full internal path of featured images in posts via the wp/v2/posts REST endpoints which could help an attacker identify other vulnerabilities or help during the exploitation of other identified vulnerabilities.

Vendor	Product	Versions
Unknown	Yoast SEO	affected `16.7 - < 16.7*` affected `17.3 - < 17.3`

Weaknesses (CWE)

References

https://wpscan.com/vulnerability/2c3f9038-632d-40ef-a099-6ea202efb550

x_refsource_MISC

https://plugins.trac.wordpress.org/changeset/2608691

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.