Vulnerability Details CVE-2021-25118
The Yoast SEO WordPress plugin (from versions 16.7 until 17.2) discloses the full internal path of featured images in posts via the wp/v2/posts REST endpoints which could help an attacker identify other vulnerabilities or help during the exploitation of other identified vulnerabilities.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.078
EPSS Ranking 91.5%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 5.0
References
Products affected by CVE-2021-25118
-
cpe:2.3:a:yoast:yoast_seo:16.7
-
cpe:2.3:a:yoast:yoast_seo:16.8
-
cpe:2.3:a:yoast:yoast_seo:16.9
-
cpe:2.3:a:yoast:yoast_seo:17.0
-
cpe:2.3:a:yoast:yoast_seo:17.1
-
cpe:2.3:a:yoast:yoast_seo:17.2
-
cpe:2.3:a:yoast:yoast_seo:17.2.1