S4E

CVE-2021-25118 Scanner

Detects the 'Path Traversal' vulnerability in the Yoast SEO plugin for WordPress, which affects versions from 16.7 until 17.2.

Short Info

Level: Medium
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 29 days
Scan only one: URL
Toolbox: -

The Yoast SEO plugin is a popular WordPress tool used to optimize websites for search engines. It is designed to simplify the process of optimizing content and improving the overall SEO of a WordPress website. The plugin can be used for a variety of purposes such as improving search engine rankings, generating more traffic, and improving user engagement. With over 5 million active installations, the Yoast SEO plugin has become one of the most widely used SEO tools in the WordPress community. 

One of the vulnerabilities recently detected in this plugin is CVE-2021-25118. This vulnerability, which was present in versions 16.7 through 17.2 of the Yoast SEO WordPress plugin, allowed the disclosure of the full internal path of featured images in posts via the wp/v2/posts REST endpoints. Attackers could exploit this vulnerability to identify other vulnerabilities or exploit ones that they have already identified. This vulnerability was rated as 'Medium' in severity, with an overall CVSS score of 4.3.

When exploited, CVE-2021-25118 could lead to serious consequences that include unauthorized access to sensitive information, website defacement, data breaches, and even complete system compromise. Attackers could exploit this vulnerability to execute remote code, which could then be used to perform a variety of malicious activities such as taking control of the website, stealing sensitive information, and even launching more advanced attacks on other systems. Additionally, the full internal path disclosure of featured images in posts could lead to attackers exploiting other vulnerabilities present in the WordPress website.
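
A defender-side check for the path disclosure described above, added here as an example and not part of the S4E scanner or the plugin: it walks the JSON body of a wp/v2/posts response and reports every value that is a server filesystem path rather than a URL. The sample response, its field names, and the default wp-content/uploads location are assumptions.

```python
import json
import re

# Server-side absolute path (POSIX or Windows drive) with at least one directory
# in front of wp-content/uploads. URLs fail: they start with a scheme, not "/" or "C:\".
# Assumption: the site uses WordPress's default uploads location.
FS_PATH = re.compile(r"^(?:/|[A-Za-z]:[\\/])(?:[^\\/\s]+[\\/])+wp-content[\\/]uploads[\\/]\S+$")


def find_path_leaks(node, where="$"):
    """Yield (json_path, value) for every string in node that is a filesystem path."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from find_path_leaks(value, f"{where}.{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from find_path_leaks(value, f"{where}[{index}]")
    elif isinstance(node, str) and FS_PATH.match(node):
        yield where, node


def audit_posts(body):
    """Map post id -> list of leaks for the JSON body of a wp/v2/posts response."""
    report = {}
    for post in json.loads(body):
        leaks = list(find_path_leaks(post))
        if leaks:
            report[post.get("id")] = leaks
    return report


# Constructed sample response; field names are illustrative, not taken from the page.
SAMPLE_BODY = json.dumps([
    {"id": 101, "link": "https://blog.example.test/hello/",
     "yoast_head_json": {"og_image": [{
         "url": "https://blog.example.test/wp-content/uploads/2021/09/hero.jpg",
         "path": "/var/www/html/wp-content/uploads/2021/09/hero.jpg"}]}},
    {"id": 102, "link": "https://blog.example.test/about/",
     "yoast_head_json": {"og_image": [{
         "url": "https://blog.example.test/wp-content/uploads/2021/09/team.png"}]}},
])

if __name__ == "__main__":
    for post_id, leaks in audit_posts(SAMPLE_BODY).items():
        for json_path, value in leaks:
            print(f"post {post_id}: {json_path} exposes {value}")
```

An empty report for a site's own posts response means no filesystem path under the default uploads directory is being returned; a non-empty one shows which JSON field carries it.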

In conclusion, it is important to take website security seriously and implement the necessary precautions to protect against vulnerabilities like CVE-2021-25118. With the pro features of the s4e.io platform, you can easily and quickly learn about vulnerabilities in your digital assets. The platform offers real-time monitoring, notifications, and alerts to help you address vulnerabilities before they can be exploited. Don't wait until it's too late; protect your digital assets today.

 
