{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3427", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2026-03-02T06:32:06.224Z", "datePublished": "2026-03-22T03:26:35.127Z", "dateUpdated": "2026-04-08T17:35:14.548Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:35:14.548Z"}, "affected": [{"vendor": "yoast", "product": "Yoast SEO \u2013 Advanced SEO with real-time guidance and built-in AI", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "27.1.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Yoast SEO \u2013 Advanced SEO with real-time guidance and built-in AI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the `jsonText` block attribute in all versions up to, and including, 27.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "title": "Yoast SEO <= 27.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'jsonText' Block Attribute", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fee1fef5-5716-49e0-a04e-d0dae527fcfc?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/wordpress-seo/tags/27.0/src/generators/schema/howto.php#L125"}, {"url": "https://plugins.trac.wordpress.org/browser/wordpress-seo/tags/27.0/inc/class-wpseo-utils.php#L915"}, {"url": "https://github.com/Yoast/wordpress-seo/pull/23035"}, {"url": "https://plugins.trac.wordpress.org/changeset/3475308/wordpress-seo"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "baseScore": 6.4, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Osvaldo Noe Gonzalez Del Rio"}], "timeline": [{"time": "2026-03-21T14:57:12.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-23T15:07:19.523880Z", "id": "CVE-2026-3427", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T15:53:10.981Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"title": "Yoast SEO <= 27.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'jsonText' Block Attribute", "credits": [{"lang": "en", "type": "finder", "value": "Osvaldo Noe Gonzalez Del Rio"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "yoast", "product": "Yoast SEO \u2013 Advanced SEO with real-time guidance and built-in AI", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "27.1.1"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2026-03-21T14:57:12.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fee1fef5-5716-49e0-a04e-d0dae527fcfc?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/wordpress-seo/tags/27.0/src/generators/schema/howto.php#L125"}, {"url": "https://plugins.trac.wordpress.org/browser/wordpress-seo/tags/27.0/inc/class-wpseo-utils.php#L915"}, {"url": "https://github.com/Yoast/wordpress-seo/pull/23035"}, {"url": "https://plugins.trac.wordpress.org/changeset/3475308/wordpress-seo"}], "descriptions": [{"lang": "en", "value": "The Yoast SEO \u2013 Advanced SEO with real-time guidance and built-in AI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the `jsonText` block attribute in all versions up to, and including, 27.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-03-22T03:26:35.127Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-3427", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-23T15:07:19.523880Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2026-03-23T15:07:20.637Z"}}]}, "cveMetadata": {"cveId": "CVE-2026-3427", "state": "PUBLISHED", "dateUpdated": "2026-03-22T03:26:35.127Z", "dateReserved": "2026-03-02T06:32:06.224Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2026-03-22T03:26:35.127Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Yoast SEO \u2013 Advanced SEO with real-time guidance and built-in AI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the `jsonText` block attribute in all versions up to, and including, 27.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}, {"lang": "es", "value": "El plugin Yoast SEO \u2013 Advanced SEO con gu\u00eda en tiempo real e IA integrada para WordPress es vulnerable a cross-site scripting almacenado a trav\u00e9s del atributo de bloque 'jsonText' en todas las versiones hasta la 27.1.1, inclusive, debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto permite a atacantes autenticados, con acceso de nivel Colaborador o superior, inyectar scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."}], "id": "CVE-2026-3427", "lastModified": "2026-04-24T16:32:53.997", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 2.7, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2026-03-22T04:16:24.197", "references": [{"source": "security@wordfence.com", "url": "https://github.com/Yoast/wordpress-seo/pull/23035"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/wordpress-seo/tags/27.0/inc/class-wpseo-utils.php#L915"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/wordpress-seo/tags/27.0/src/generators/schema/howto.php#L125"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3475308/wordpress-seo"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fee1fef5-5716-49e0-a04e-d0dae527fcfc?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,27.1.1]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Yoast SEO \u2013 Advanced SEO with real-time guidance and built-in AI", "source": "cna", "vendor": "yoast"}, "product": "yoast_seo_\u2013_advanced_seo_with_real-time_guidance_and_built-in_ai", "vendor": "yoast"}], "analysis": {"en": {"generated_at": "2026-03-22T04:20:15.081485+00:00", "value": {"mitigation_remediation": ["Update the Yoast SEO plugin to the latest version (at least 27.1.2) to eliminate the stored XSS flaw.", "Verify that the plugin reports the upgraded version; if unknown, check the plugin\u2019s readme or changelog for the security fix.", "If an immediate upgrade is not possible, review and limit Contributor role capabilities to remove permission for editing blocks or content that can contain the vulnerable attribute.", "Monitor the site for any attempted script injection patterns and consider applying a web application firewall rule that blocks suspicious script payloads in block content."], "summary": {"action": "Patch Update", "impact": "Stored Cross\u2011Site Scripting (XSS) via the \u2018jsonText\u2019 block attribute"}, "threat_synthesis": {"affected_systems": "WordPress sites that have the Yoast SEO \u2013 Advanced SEO with real\u2011time guidance and built\u2011in AI plugin installed in any released version equal to or older than 27.1.1. This includes all users of that plugin who hold Contributor level access or higher.", "description_and_impact": "The Yoast SEO WordPress plugin allows authenticated users with Contributor or higher privileges to modify content that contains a \u2018jsonText\u2019 block attribute. Because input validation and output escaping are insufficient, this flaw permits the injection of arbitrary JavaScript code. An attacker who can gain or exploit such a role can embed malicious script that will run whenever a user views the affected page or post, leading to defacement, cookie theft, or redirection to malicious sites.", "risk_and_exploitability": "The CVSS score of 6.4 indicates a moderate severity vulnerability. No EPSS score is available, and the issue is not listed in the CISA KEV catalog. Exploitation requires valid authentication to WordPress; an attacker must obtain Contributor or higher role. Once logged in, the attacker can create or modify a block containing the \u2018jsonText\u2019 attribute to inject script, which will execute with the browser context of any user who visits the page. While the vulnerability does not grant arbitrary code execution on the server, it can compromise confidentiality and integrity of the affected site and its users."}}}}, "created": "2026-03-23T09:46:42.765810+00:00", "updated": "2026-03-25T14:46:42.870509+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress", "yoast", "yoast$PRODUCT$yoast_seo_\u2013_advanced_seo_with_real-time_guidance_and_built-in_ai"]}