CVEdetails.com the ultimate security vulnerability data source

# | Vendor | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.

1 | Yoast | CVE-2019-13478 | 20 | | | 2019-07-09 | 2019-07-31 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
The Yoast SEO plugin before 11.6-RC5 for WordPress does not properly restrict unfiltered HTML in term descriptions.

2 | Yoast | CVE-2017-16842 | 79 | | XSS | 2017-11-15 | 2017-12-03 | 3.5 | None | Remote | Medium | Single system | None | Partial | None
Cross-site scripting (XSS) vulnerability in admin/google_search_console/class-gsc-table.php in the Yoast SEO plugin before 5.8.0 for WordPress allows remote attackers to inject arbitrary web script or HTML.

3 | Yoast | CVE-2015-2293 | 352 | | Sql CSRF | 2015-03-17 | 2015-03-18 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in admin/class-bulk-editor-list-table.php in the WordPress SEO by Yoast plugin before 1.5.7, 1.6.x before 1.6.4, and 1.7.x before 1.7.4 for WordPress allow remote attackers to hijack the authentication of certain users for requests that conduct SQL injection attacks via the (1) order_by or (2) order parameter in the wpseo_bulk-editor page.

4 | Yoast | CVE-2015-2292 | 89 | | Exec Code Sql CSRF | 2015-03-17 | 2016-12-02 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial
Multiple SQL injection vulnerabilities in admin/class-bulk-editor-list-table.php in the WordPress SEO by Yoast plugin before 1.5.7, 1.6.x before 1.6.4, and 1.7.x before 1.7.4 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) order_by or (2) order parameter in the wpseo_bulk-editor page to wp-admin/admin.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands.

5 | Yoast | CVE-2014-9174 | 79 | | XSS | 2014-12-02 | 2017-09-07 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Cross-site scripting (XSS) vulnerability in the Google Analytics by Yoast (google-analytics-for-wordpress) plugin before 5.1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "Manually enter your UA code" (manual_ua_code_field) field in the General Settings.

6 | Yoast | CVE-2012-6692 | 79 | | XSS | 2015-06-17 | 2016-11-28 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Cross-site scripting (XSS) vulnerability in js/wp-seo-metabox.js in the WordPress SEO by Yoast plugin before 2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the post_title parameter to wp-admin/post-new.php, which is not properly handled in the snippet preview functionality.
