CVE-2021-25118

CVE-2021-25118: Yoast SEO 16.7-17.2 - Unauthenticated Full Path Disclosure

Vendor Unknown

Product Yoast SEO

Weakness CWE-200 · Info exposure

Published February 28, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

The Yoast SEO WordPress plugin (from versions 16.7 until 17.2) discloses the full internal path of featured images in posts via the wp/v2/posts REST endpoints which could help an attacker identify other vulnerabilities or help during the exploitation of other identified vulnerabilities.

Key dates

Disclosure timeline

February 28, 2022 CVE published

August 3, 2024 Record updated

Identifiers

CVE CVE-2021-25118

CWE CWE-200

Affected versions

Vendor Unknown

Product Yoast SEO

Affected ≥ 16.7 and < 16.7*

Vendor Unknown

Product Yoast SEO

Affected ≥ 17.3 and < 17.3