WordPress is the most popular CMS for website development. It makes it easy to build a website and to add functionality through plugins. In this blog, I would like to share the Yoast plugin vulnerability found by Tenable.

Yoast SEO (wordpress-seo) is a search engine optimization plugin for WordPress. It has a race condition vulnerability in unzip_file in admin/import/class-import-settings.php. The Yoast SEO (wordpress-seo) plugin before 9.2.0 for WordPress allows an SEO Manager to perform command execution on the operating system via a ZIP import. An attacker could exploit the vulnerability to execute commands on the operating system.
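For defenders, the affected range above can be turned into an inventory check across hosted sites. The Python script below is an added example, not part of the original post or of Yoast's code. It assumes the plugin's main file is wordpress-seo/wp-seo.php with a standard WordPress "Version:" header, and the sample sites it audits are constructed.

```python
"""Flag Yoast SEO (wordpress-seo) installs older than 9.2.0 under a web root."""
import re
import tempfile
from pathlib import Path

FIXED = (9, 2, 0)  # versions before this are affected, per the text above
# Assumption: the main plugin file is wordpress-seo/wp-seo.php and carries the
# standard WordPress plugin header line "Version: x.y.z".
MAIN_FILE = "wp-content/plugins/wordpress-seo/wp-seo.php"
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*([0-9]+(?:\.[0-9]+)*)", re.I | re.M)

def parse_version(text):
    """Return the header version as a 3-tuple of ints, or None if absent."""
    m = VERSION_RE.search(text[:8192])  # WordPress reads only the first 8 KiB
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple((parts + [0, 0, 0])[:3])  # pad "9.1" to (9, 1, 0)

def audit(root):
    """Map each site directory under root to (version, status)."""
    results = {}
    for main in sorted(Path(root).glob("**/" + MAIN_FILE)):
        site = main.parents[3]  # strip wp-content/plugins/wordpress-seo
        version = parse_version(main.read_text(errors="replace"))
        if version is None:
            status = "unknown"  # header missing: review this install manually
        else:
            status = "affected" if version < FIXED else "ok"
        results[site.relative_to(root).as_posix()] = (version, status)
    return results

def demo():
    """Build three constructed sites in a temp dir and audit them."""
    samples = {"site-a": "9.1.0", "site-b": "9.2.0", "site-c": None}
    with tempfile.TemporaryDirectory() as tmp:
        for name, ver in samples.items():
            main = Path(tmp, name, MAIN_FILE)
            main.parent.mkdir(parents=True)
            header = f" * Version: {ver}\n" if ver else ""
            main.write_text("<?php\n/**\n * Plugin Name: Yoast SEO\n" + header + " */\n")
        return audit(tmp)

if __name__ == "__main__":
    for site, (version, status) in demo().items():
        print(site, version, status)
```

Point audit() at the directory that holds your site roots; installs reported as "affected" should be updated to 9.2.0 or later, and "unknown" ones inspected by hand.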

Proof of concept file

Proof of concept Video.
