CVE-2025-11241

by Fred · 03/10/2025

The Yoast SEO Premium plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions 25.7 to 25.9 due to a flawed regex used to remove an attribute in post content, which can be abused to inject arbitrary HTML attributes, including JavaScript event handlers. This vulnerability allows a user with Contributor access or higher to create a post containing a malicious JavaScript payload.

More information : https://developer.yoast.com/changelog/yoast-seo-premium/26.0/

CVE-2025-11241

Similar

Recent Posts

Categories

CVE-2025-11241

Share this:

Similar

Recent Posts

Categories

Tags