WordPress is the most popular CMS for website development.  It is easy to develop website and used different functionality through different Plugins. In this blog, I would like to share the Yoast plugin vulnerability found by tenable.

Yoast SEO (wordpress-seo) plugin is a search engine optimization plugin used in it. A Race condition vulnerability in unzip_file in admin/import/class-import-settings.php. The Yoast SEO (wordpress-seo) plugin before 9.2.0 for WordPress allows an SEO Manager to perform command execution on the Operating System via a ZIP import. An attacker could exploit the vulnerability to execute commands on the operating system.

Proof of concept file

Proof of concept Video.

LEAVE A REPLY

Please enter your comment!
Please enter your name here