CVE-2025-11241 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

The Yoast SEO Premium plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions 25.7 to 25.9 due to a flawed regex used to remove an attribu…
Medium CVSS: 6.4

CVE-2025-11241

The Yoast SEO Premium plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions 25.7 to 25.9 due to a flawed regex used to remove an attribute in post content, which can be abused to inject arbitrary HTML attributes, including JavaScript event handlers. This vulnerability allows a user with Contributor access or higher to create a post containing a malicious JavaScript payload.
Vendor
-
Product
-
CWE
CWE-80
Yayın Tarihi
2025-10-03 02:15:30
Güncelleme
2025-10-06 14:57:05
Source Identifier
security@wordfence.com
KEV Date Added
-

Kategoriler

CWE-80 MEDIUM 2025

Referanslar

https://developer.yoast.com/changelog/yoast-seo-premium/26.0/ https://sec.stealthcopter.com/regexss/ https://www.wordfence.com/threat-intel/vulnerabilities/id/a6e3645d-ed1b-4c51-a463-c2691cb7168d?source=cve