WordPress is the most popular CMS for website development. It makes it easy to build a website and add functionality through plugins. In this blog post, I would like to share the Yoast plugin vulnerability found by Tenable.
Yoast SEO (wordpress-seo) is a search engine optimization plugin for WordPress. It has a race condition vulnerability in unzip_file in admin/import/class-import-settings.php. The Yoast SEO (wordpress-seo) plugin before 9.2.0 for WordPress allows an SEO Manager to perform command execution on the operating system via a ZIP import. An attacker could exploit the vulnerability to execute commands on the operating system.
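
A defender-side check for the affected range described above, as an added example that is not from the original post or the plugin's own code: it walks a directory of WordPress sites, reads the standard `Version:` plugin header from each `wordpress-seo` copy, and flags releases before 9.2.0. The `wp-content/plugins` layout, the `wp-seo.php` file name and the sample headers in `demo()` are constructed assumptions.

```python
import re
import tempfile
from pathlib import Path

FIXED = (9, 2, 0)       # first fixed release, per the text above
SLUG = "wordpress-seo"  # plugin directory name, per the text above
# Standard WordPress plugin header field, e.g. " * Version: 9.1.0"
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\d+(?:\.\d+)*)", re.M | re.I)

def parse_version(header):
    """Return the header version as a 3-int tuple, or None if absent."""
    m = VERSION_RE.search(header)
    if not m:
        return None
    nums = [int(n) for n in m.group(1).split(".")][:3]
    return tuple(nums + [0] * (3 - len(nums)))

def audit(root):
    """Return [(plugin_dir, version, status)] for every copy under root."""
    rows = []
    for plugin in sorted(Path(root).glob(f"**/{SLUG}")):
        if not plugin.is_dir():
            continue
        version = None
        for php in sorted(plugin.glob("*.php")):
            # WordPress reads only the first 8 KB of a file for headers.
            head = php.read_text(encoding="utf-8", errors="replace")[:8192]
            version = parse_version(head)
            if version:
                break
        if version is None:
            status = "unknown"  # no header found: review by hand
        else:
            status = "vulnerable" if version < FIXED else "fixed"
        rows.append((plugin, version, status))
    return rows

def demo():
    """Audit a constructed tree of three sites; return {site: status}."""
    samples = {"site-a": " * Version: 9.1.0", "site-b": " * Version: 9.2.0",
               "site-c": " * no version header"}  # constructed header lines
    with tempfile.TemporaryDirectory() as root:
        for site, line in samples.items():
            d = Path(root, site, "wp-content", "plugins", SLUG)
            d.mkdir(parents=True)
            (d / "wp-seo.php").write_text(
                "<?php\n/**\n * Plugin Name: Yoast SEO\n" + line + "\n */\n")
        return {p.parents[2].name: s for p, _, s in audit(root)}

if __name__ == "__main__":
    print(demo())
```

Point `audit()` at a hosting root or a restored backup to inventory every copy at once; a pre-release suffix on the version string is ignored, so treat such results as needing manual review.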