CVE-2021-25118

The Yoast SEO WordPress plugin (from versions 16.7 until 17.2) discloses the full internal path of featured images in posts via the wp/v2/posts REST endpoints which could help an attacker identify other vulnerabilities or help during the exploitation of other identified vulnerabilities.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
WPScanCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
VendorProductVersion
yoastyoast_seo
16.7 ≤
𝑥
< 17.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://plugins.trac.wordpress.org/changeset/2608691
https://wpscan.com/vulnerability/2c3f9038-632d-40ef-a099-6ea202efb550
https://plugins.trac.wordpress.org/changeset/2608691
https://wpscan.com/vulnerability/2c3f9038-632d-40ef-a099-6ea202efb550