Yoast SEO Premium Stored Cross-Site Scripting Vulnerability

Vulnerability

A stored cross-site scripting vulnerability has been identified in the Yoast SEO Premium plugin for WordPress, affecting versions 25.7 to 25.9. The issue arises from a regular expression flaw that improperly sanitizes HTML attributes in post content, allowing users with Contributor access or higher to inject malicious JavaScript payloads. The affected code belongs to the plugin's AI feature, which is enabled by default; successful exploitation results in arbitrary JavaScript executing in the browser of any user who views the post.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the content.

Reproduction

To reproduce this vulnerability, a user with Contributor or higher access can create a post with a crafted HTML link. The link should include a 'data-target' attribute, mixed quotes to bypass the regex sanitization, and a JavaScript payload, such as an 'onfocus' event. Once the post is published, the injected script will execute when the link is focused.
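As an added illustration (not code from the advisory or from Yoast), the hypothetical regex filter below shows why a regex that assumes one quoting style misses an event-handler attribute written with the other, while a tokenizer-based allow-list drops the handler regardless of quoting. The regex, class name and sample markup are assumptions constructed for the example.

```python
import html
import re
from html.parser import HTMLParser

# Hypothetical regex filter, written only to show the failure class (NOT the
# plugin's code): it assumes every on* value is double-quoted, so a single-quoted
# handler inside an otherwise double-quoted tag is never matched.
NAIVE_HANDLER_RE = re.compile(r'\s+on\w+\s*=\s*"[^"]*"', re.IGNORECASE)
def naive_strip_handlers(markup: str) -> str:
    return NAIVE_HANDLER_RE.sub("", markup)

class AnchorAllowList(HTMLParser):
    """Tokenizer-based allow-list for <a>: keeps href (http(s) only), title and
    data-*; drops every on* attribute however quoted; escapes other tags."""
    KEEP = ("href", "title")

    def __init__(self) -> None:
        super().__init__()
        self.out: list[str] = []
        self.dropped: list[str] = []

    def handle_starttag(self, tag, attrs) -> None:
        if tag != "a":
            self.out.append(html.escape(self.get_starttag_text()))
            return
        kept = []
        for name, value in attrs:  # HTMLParser lower-cases names for us
            value = value or ""
            if name.startswith("on"):  # event handler: never allowed
                self.dropped.append(name)
            elif name == "href" and not value.strip().lower().startswith(("http://", "https://")):
                self.dropped.append(name)  # e.g. a javascript: URL
            elif name in self.KEEP or name.startswith("data-"):
                kept.append(f'{name}="{html.escape(value, quote=True)}"')
        self.out.append("<a" + "".join(" " + a for a in kept) + ">")

    def handle_endtag(self, tag) -> None:
        self.out.append("</a>" if tag == "a" else html.escape(f"</{tag}>"))

    def handle_data(self, data) -> None:
        self.out.append(html.escape(data, quote=False))

def sanitize_anchors(markup: str) -> tuple[str, list[str]]:
    parser = AnchorAllowList()
    parser.feed(markup)
    parser.close()
    return "".join(parser.out), parser.dropped

# Constructed sample (not from the advisory); the handler body is a placeholder.
SAMPLE = "<a href=\"https://example.com\" data-target='x' onfocus='HANDLER'>link</a>"
```

Running `naive_strip_handlers(SAMPLE)` leaves the onfocus attribute in place, while `sanitize_anchors(SAMPLE)` returns the link with only href and data-target kept and reports the dropped handler.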

Remediation

Users are advised to update to Yoast SEO Premium version 26.0 or later, where this vulnerability has been patched.

Added: Oct 3, 2025, 2:19 AM
Updated: Oct 3, 2025, 2:19 AM

Vulnerability Rating

Custom Algorithm
spread          7.6
impact          1.7
exploitability  6.8
remediation     7.7
relevance       0.6
threat          6.4
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.