CVE-2021-25118

nvd nist nuclei

Published: Feb 28, 2022Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

The Yoast SEO WordPress plugin (from versions 16.7 until 17.2) discloses the full internal path of featured images in posts via the wp/v2/posts REST endpoints which could help an attacker identify other vulnerabilities or help during the exploitation of other identified vulnerabilities.

Affected (1)

Products: Yoast: Yoast Seo

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Yoast Yoast Seo	From 16.7 to 17.3

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

https://plugins.trac.wordpress.org/changeset/2608691

Source: contact@wpscan.com

Release NotesThird Party Advisory

https://wpscan.com/vulnerability/2c3f9038-632d-40ef-a099-6ea202efb550

Source: contact@wpscan.com

ExploitThird Party Advisory

https://plugins.trac.wordpress.org/changeset/2608691

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesThird Party Advisory

https://wpscan.com/vulnerability/2c3f9038-632d-40ef-a099-6ea202efb550

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.