CVE-2025-11241 🟡 Medium

CVE-2025-11241: The Yoast SEO Premium plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versio...

The Yoast SEO Premium plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions 25.7 to 25.9 due to a flawed regex used to remove an attribute in post content, which can be abused to inject arbitrary HTML attributes, including JavaScript event handlers. This vulnerability allo...

CVE ID

CVE-2025-11241

CVSS Score

6.4

Vendor

wordpress yoast seo premium

Published

Oct 03

## Overview

The Yoast SEO Premium plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions 25.7 to 25.9 due to a flawed regex used to remove an attribute in post content, which can be abused to inject arbitrary HTML attributes, including JavaScript event handlers. This vulnerability allows a user with Contributor access or higher to create a post containing a malicious JavaScript payload.

## References

For more information, visit:
- [NIST NVD](https://nvd.nist.gov/vuln/detail/CVE-2025-11241)
- [MITRE CVE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11241)

Vulnerability Details

CVE ID
CVE-2025-11241
Severity
Medium
CVSS v3 Score
6.4 / 10.0
Affected Vendor
wordpress yoast seo premium
Publication Date
October 03, 2025

External Resources

Need Help?

Protect your infrastructure with our comprehensive security scanning tools.

Explore Security Scanners