CVE-2023-40680


WordPress Yoast SEO Plugin <= 21.0 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Team Yoast Yoast SEO allows Stored XSS.This issue affects Yoast SEO: from n/a through 21.0.


We have discovered 2,016,067 live websites that are affected by CVE-2023-40680.

Contact us to get more info



Affected Software

Product  Yoast SEO
Category Search Engine Optimization
Vulnerable Versions
  • from 0 through 21
Total Vulnerable Versions366
Vulnerable Domains2,016,067 live websites (47.65% of Yoast SEO install base)


Common Weakness Enumeration


CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')



Details

  • Published - Nov 30, 2023
  • Updated - Nov 30, 2023

Credits

  • Rafie Muhammad (Patchstack) (finder)





Countries

United States488,518 websites


Germany168,882 websites
France163,088 websites
Italy121,977 websites
GB115,236 websites
Netherlands85,465 websites
Spain73,763 websites
Russia63,614 websites
Poland63,578 websites
Canada53,057 websites

TLDs

.com828,709 websites
.de108,971 websites
.it81,586 websites
.co.uk70,369 websites
.nl70,346 websites
.fr69,780 websites
.org67,783 websites
.ru51,999 websites
.pl47,618 websites
.net45,726 websites

Vulnerable Versions

Vulnerable versions are highlighted in red


References


Websites affected by CVE-2023-40680

Top websites that are affected by CVE-2023-40680. Please click on the "Contact us" link to get more information.
DomainCountryRankContacts
***********.com United States***
***.*******.com United States***
***.*********.com United States***
***.****.org United States*,***
***.******.com United States*,***
***.*****.es Spain*,***
***.***************.eu Romania*,***
***.***********.com Turkey*,***
******.at Austria*,***
***.**********.com United States*,***
See full domain list