CVE-2025-11241
📋 TL;DR
The Yoast SEO Premium WordPress plugin versions 25.7 to 25.9 contain a stored cross-site scripting vulnerability due to improper input sanitization. An attacker with Contributor-level access or higher can inject malicious JavaScript into posts, which executes when other users view the compromised content. This affects WordPress sites using the vulnerable plugin versions.
💻 Affected Systems
- Yoast SEO Premium WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
An attacker gains administrative privileges, steals session cookies, defaces the website, or installs backdoors by exploiting trusted users who view malicious posts.
Likely Case
Attackers inject malicious scripts that redirect users to phishing sites, steal credentials, or perform actions on behalf of authenticated users.
If Mitigated
With proper user role management and content review processes, the impact is limited to isolated post compromises that can be quickly identified and removed.
🎯 Exploit Status
Exploitation requires Contributor or higher privileges. The vulnerability is well-documented with public technical details.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 26.0
Vendor Advisory: https://developer.yoast.com/changelog/yoast-seo-premium/26.0/
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins > Installed Plugins. 3. Find Yoast SEO Premium and click 'Update Now'. 4. Verify version is 26.0 or higher.
🔧 Temporary Workarounds
Temporary Plugin Deactivation
allDisable the vulnerable plugin until patching is possible
wp plugin deactivate wordpress-seo-premium
Restrict User Roles
allTemporarily remove Contributor and Author roles or limit post publishing capabilities
🧯 If You Can't Patch
- Implement strict content review workflows for all posts before publication
- Apply web application firewall rules to block XSS payload patterns
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Yoast SEO Premium version. If version is between 25.7 and 25.9 inclusive, the system is vulnerable.Check Version:
wp plugin get wordpress-seo-premium --field=versionVerify Fix Applied:
Confirm Yoast SEO Premium version is 26.0 or higher in WordPress admin panel.📡 Detection & Monitoring
Log Indicators:
- Unusual post creation/modification by Contributor/Authors
- Posts containing suspicious HTML attributes or JavaScript event handlers
Network Indicators:
- Outbound connections to suspicious domains from WordPress admin pages
- Unexpected JavaScript execution in post content
SIEM Query:
source="wordpress" AND (event="post_published" OR event="post_updated") AND user_role IN ("contributor", "author", "editor") AND content CONTAINS ("onclick=" OR "onload=" OR "onerror=")