Description

WordPress Plugin Yoast SEO is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently bypass restrictions placed on the 'reset settings' feature. WordPress Plugin Yoast SEO version 1.4.6 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 1.4.7 or latest

References

http://secunia.com/advisories/52918/

http://www.securityfocus.com/bid/58963/

Related Vulnerabilities

Joomla Insufficient Verification of Data Authenticity Vulnerability (CVE-2020-15699)

WordPress Plugin Product Slider For WooCommerce Lite includes Backdoor [Only if downloaded via the vendor website] (1.1.5)

WordPress Plugin Bulk Delete Privilege Escalation (5.5.3)

Liferay Portal CVE-2011-1571 Vulnerability (CVE-2011-1571)

WordPress 2.6.1 Lost Password SQL Column Truncation Unauthorized Access Vulnerability (0.71 - 2.6.1)

Severity

High

Classification

CWE-264 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Missing Update Authentication Bypass