Vulnerability Description
The Yoast SEO WordPress plugin (from versions 16.7 until 17.2) discloses the full internal path of featured images in posts via the wp/v2/posts REST endpoints. This could help an attacker identify other vulnerabilities or assist in exploiting vulnerabilities already identified.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Yoast | Yoast SEO | >= 16.7, < 17.3 |
Related Weaknesses (CWE)
References
- https://plugins.trac.wordpress.org/changeset/2608691 (Release Notes, Third Party Advisory)
- https://wpscan.com/vulnerability/2c3f9038-632d-40ef-a099-6ea202efb550 (Exploit, Third Party Advisory)
FAQ
What is CVE-2021-25118?
CVE-2021-25118 is a vulnerability with a CVSS score of 5.3 (MEDIUM). The Yoast SEO WordPress plugin (from versions 16.7 until 17.2) discloses the full internal path of featured images in posts via the wp/v2/posts REST endpoints which could help an attacker identify oth...
How severe is CVE-2021-25118?
CVE-2021-25118 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-25118?
Check the references section above for vendor advisories and patch information. Affected products include: Yoast Yoast SEO.