Yoast SEO – Advanced SEO with real-time guidance and built-in AI

Vulnerabilities 32Slug wordpress-seoLatest version 27.5WordPress.org →

Minimum safe version

27.2

Update to 27.2 or later to address 32 fixable vulnerabilities

Latest available27.5 ✓

N/A

2026-02-05< 26.9

Yoast SEO <= 26.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'yoast-schema' Block Attribute

Wordfence CVE

N/A

2026-03-21< 27.2

Yoast SEO <= 27.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'jsonText' Block Attribute

Wordfence CVE

Medium 6.4

2024-05-16< 22.7

CVE-2024-4984

CVE Patchstack Wordfence

Medium 6.1

2024-05-09< 22.6

CVE-2024-4041

CVE Patchstack Wordfence

Medium 5.9

2023-11-30< 21.1

CVE-2023-40680

CVE Patchstack Wordfence WPScan

N/A

< 1.4.5

Yoast SEO - Security issue which allowed any user to reset settings

WPScan

N/A

< 1.4.7

Yoast SEO < 1.4.7 - Reset Settings Feature Access Restriction Bypass

WPScan

N/A

< 3.2.5

Yoast SEO <= 3.2.4 - Subscriber Settings Sensitive Data Exposure

WPScan

N/A

< 3.3.0

Yoast SEO <= 3.2.5 - Unspecified Cross-Site Scripting (XSS)

WPScan

N/A

2023-03-03< 20.2.1

WordPress Yoast SEO Plugin <= 20.2 is vulnerable to Cross Site Scripting (XSS)

Patchstack

N/A

2023-03-02< 20.2.1

Yoast SEO <= 20.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Wordfence

N/A

2014-08-01< 1.4.7

Yoast SEO <= 1.4.6 - Missing Authorization

Wordfence

N/A

2015-04-20< 2.1

Yoast SEO <= 2.0.1 - Reflected Cross-Site Scripting

Wordfence

N/A

2016-05-06< 3.2.5

Yoast SEO <= 3.2.4 - Sensitive Data Exposure

Wordfence

N/A

2016-06-14< 3.3.0

Yoast SEO <= 3.2.5 - Cross-Site Scripting

Wordfence

N/A

2015-04-20< 2.1

WordPress SEO by Yoast Plugin <= 2.0.1 - Cross Site Scripting

Patchstack

N/A

2016-05-06< 3.2.5

WordPress SEO by Yoast Plugin <= 3.2.4 - Sensitive Data Exposure

Patchstack

N/A

2016-06-14< 3.3.0

WordPress SEO by Yoast Plugin <= 3.2.5 - Cross Site Scripting

Patchstack

N/A

2016-07-28< 1.4.7

WordPress SEO by Yoast Plugin <= 1.4.6 - Bypass

Patchstack

N/A

2016-07-28< 1.4.5

WordPress SEO by Yoast Plugin <= 1.4.4 - Unknown Vulnerability

Patchstack

N/A

2016-08-03< 3.4.1

WordPress SEO by Yoast Plugin <= 3.4.0 - Cross Site Scripting

Patchstack

N/A

2017-05-11< 3.3.2

WordPress Yoast SEO plugin <= 3.3.1 - Cross-site Request Forgery (CSRF) Vulnerability

Patchstack

N/A

2017-11-20< 5.8.0

WordPress Yoast SEO plugin <=5.7.1 - Unauthenticated Cross-Site Scripting (XSS) vulnerability

Patchstack

N/A

2018-11-20< 9.2.0

WordPress Yoast SEO plugin <= 9.1.0 - Authenticated Command Execution vulnerability

Patchstack

N/A

2015-03-17< 1.7.4

CVE-2015-2293

CVE Patchstack Wordfence WPScan

N/A

2015-03-17< 1.7.4

CVE-2015-2292

CVE Patchstack Wordfence

N/A

2015-06-17< 2.2

CVE-2012-6692

CVE Wordfence WPScan

Medium 4.8

2017-11-22< 5.8.0

Yoast SEO <= 5.7.1 - Reflected Cross-Site Scripting

Wordfence CVE WPScan

Medium 6.6

2018-11-28< 9.2.0

CVE-2018-19370

CVE Wordfence WPScan

Critical 9.8

2019-07-10< 11.6

WordPress Yoast SEO plugin 1.2.0-11.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Patchstack CVE Wordfence WPScan

Medium 5.4

2021-04-05< 3.4.1

CVE-2021-24153

CVE Wordfence WPScan

Medium 5.3

2022-02-28< 17.3

CVE-2021-25118

CVE Patchstack Wordfence WPScan