Test ID:	1.3.6.1.4.1.25623.1.0.124740
Category:	Web application abuses
Title:	WordPress Yoast SEO Plugin < 22.6 XSS Vulnerability
Summary:	The WordPress plugin 'Yoast SEO' is prone to a cross-site; scripting (XSS) vulnerability.
Description:	Summary: The WordPress plugin 'Yoast SEO' is prone to a cross-site scripting (XSS) vulnerability. Vulnerability Insight: The Yoast SEO plugin for WordPress is vulnerable to reflected cross-site scripting via URLs due to insufficient input sanitization and output escaping. Affected Software/OS: WordPress Yoast SEO plugin prior to version 22.6. Solution: Update to version 22.6 or later. CVSS Score: 6.4 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2024-4041 https://plugins.trac.wordpress.org/browser/wordpress-seo/trunk/inc/class-wpseo-admin-bar-menu.php#L601 https://plugins.trac.wordpress.org/browser/wordpress-seo/trunk/inc/class-wpseo-shortlinker.php#L20 https://plugins.trac.wordpress.org/browser/wordpress-seo/trunk/src/helpers/short-link-helper.php#L105 https://plugins.trac.wordpress.org/browser/wordpress-seo/trunk/src/helpers/short-link-helper.php#L45 https://plugins.trac.wordpress.org/changeset/3078555/wordpress-seo/trunk#file129 https://www.wordfence.com/threat-intel/vulnerabilities/id/4e04b161-3cd0-454d-869c-56f42bd8afb0?source=cve
Copyright	Copyright (C) 2025 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.