Missing Authorization Vulnerability Affects Yoast SEO Premium
CVE-2023-28775
5.3MEDIUM
Summary
A missing authorization vulnerability affects Yoast SEO Premium, allowing unauthorized users to reset Zapier API keys without proper validation. This flaw can potentially lead to unauthorized access and expose sensitive data, posing risks to website owners using the affected versions. It is crucial for users to update their plugins promptly to safeguard against these security threats.
Affected Version(s)
Yoast SEO Premium <= 20.4
References
CVSS V3.1
Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Rafie Muhammad (Patchstack)