Description
The Yoast SEO WordPress plugin (from versions 16.7 until 17.2) discloses the full internal path of featured images in posts via the wp/v2/posts REST endpoints which could help an attacker identify other vulnerabilities or help during the exploitation of other identified vulnerabilities.
References
- Release Notes, Third Party Advisory
- Exploit, Third Party Advisory
- Release Notes, Third Party Advisory
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1: versions from 16.7 (inclusive) to 17.3 (exclusive)
cpe:2.3:a:yoast:yoast_seo:*:*:*:*:*:wordpress:*:*
EPSS
Percentile: 96%
0.27358
Medium
CVSS3: 5.3 Medium
CVSS2: 5 Medium
Weaknesses
CWE-200
Related vulnerabilities
CVSS3: 5.3
github
almost 4 years ago
The Yoast SEO WordPress plugin before 17.3 discloses the full internal path of featured images in posts via the wp/v2/posts REST endpoints which could help an attacker identify other vulnerabilities or help during the exploitation of other identified vulnerabilities.