CVE-2018-19370

Published November 28th, 2018

View on NVD ↗

CVSS v3

N/A

CVSS v2

MEDIUM

Affected

PROJECTS

Description

A Race condition vulnerability in unzip_file in admin/import/class-import-settings.php in the Yoast SEO (wordpress-seo) plugin before 9.2.0 for WordPress allows an SEO Manager to perform command execution on the Operating System via a ZIP import.

Yoast SEO – Advanced SEO with real-time guidance and built-in AI

Improve your SEO with real-time feedback, schema, and clear guidance. Upgrade for AI tools, Google Docs integration, and 24/7 support, no hidden fees. <h3>Yoast SEO: The #1 WordPress SEO Plugin</h3> Since 2008, Yoast SEO has helped millions of websites worldwide improve their visibility and SEO performance. Our mission is SEO for Everyone — from small local businesses to some of the most visited sites on the web. Yoast SEO gives you everything you need to manage your on-site SEO effectively. The <a href="https://yoa.st/1v8" rel="nofollow ugc">Yoast SEO Premium</a> plugin and its extensions unlock even more advanced and AI-powered tools. <h3>Handing you the competitive edge</h3> SEO is the most consistent and cost-effective source of website traffic — but it can be complex. Whether you’re just starting out or an advanced user, Yoast SEO helps you handle SEO confidently and efficiently. Don’t have time to stay on top of AI search and best practices? Keeping Yoast SEO updated means you automatically benefit from ongoing technical improvements, schema updates, and AI advancements — all guided by our signature traffic light approach. Empower search engines to better understand your website using Schema.org structured data integration, and access in-depth content and readability analysis tools that help you create content designed to perform well in search. <h3>Quick and easy setup</h3> Setting up Yoast SEO is quick and straightforward — no technical background required. Our step-by-step configuration wizard walks you through essential setup details so Yoast SEO can generate accurate structured data that helps search engines understand your site. Switching from another SEO plugin like Rank Math or AIOSEO? Migration is seamless. Import your existing SEO data and settings safely with our built-in import/export tools. <h3>Content and AI features</h3> Unlock your content’s full potential with Yoast SEO’s advanced content analysis and AI-powered tools. Content optimization features: – Detailed SEO analysis to guide keyword targeting and site performance. – Readability analysis for clear, engaging, and user-friendly writing. – SERP previews for both desktop and mobile results. – HowTo and FAQ blocks with built-in schema support. – Breadcrumbs block for improved navigation. – Inclusive Language Analysis to make your content more considerate and accessible. – Semrush integration for keyword research directly in Yoast SEO. – Wincher integration to track keyword performance inside your dashboard. – Elementor integration for seamless optimization within your favorite builder. AI features (included in Premium): – <a href="https://yoa.st/51c" rel="nofollow ugc">Yoast AI Generate</a> – Instantly create five SEO-friendly titles and meta descriptions, with one-click regeneration for more options. – Yoast AI Optimize – Improve keyphrase placement (introduction, distribution, density) automatically. – Yoast AI Summarize (New 2025) – Generate quick content summaries for briefs or social posts. – All AI tools included – No extra accounts, limits, or hidden costs. These tools help you craft optimized, helpful content that resonates with readers and performs strongly across search platforms. <h3>Taking care of your technical SEO</h3> Yoast SEO automatically handles much of your site’s technical SEO, freeing you to focus on your content. Key technical SEO features: – Automated meta tag optimization right out of the box. – Canonical URLs to prevent duplicate content issues. – Advanced XML sitemaps for clear site indexing. – Best-in-class Schema.org integration to improve search understanding and appearance. – Complete breadcrumb control for visitors and crawlers. – Performance improvements that help reduce load times. – Crawl settings to manage how bots access your site and reduce environmental impact. – LLMs.txt management to guide how large language models interact with your content. Every update delivers ongoing technical SEO enhancements automatically. <h3>Keep your website in perfect shape</h3> Whether you’re a creator, business owner, or developer, Yoast SEO helps maintain your website’s SEO health: <ul> <li>Cornerstone content tools to organize and prioritize key pages.</li> <li>Front-end SEO inspector to view and edit titles, descriptions, and schema live.</li> <li>SEO roles to delegate plugin access securely across teams.</li> <li>Regular 2-week update cycle to ensure compatibility with the latest SEO standards and search engine changes.</li> </ul> <h3>Powerful integrations</h3> Yoast SEO works seamlessly with popular WordPress tools to enhance your workflow and results: <ul> <li><a href="https://en-gb.wordpress.org/plugins/google-site-kit/" rel="nofollow ugc">Google Site Kit</a>: Access insights from Search Console, Analytics, and PageSpeed directly inside WordPress.</li> <li><a href="https://wordpress.org/plugins/advanced-custom-fields/" rel="ugc">Advanced Custom Fields (ACF)</a>: Combine with <a href="https://wordpress.org/plugins/acf-content-analysis-for-yoast-seo/" rel="ugc">ACF Content Analysis for Yoast SEO</a> for advanced field optimization.</li> <li><a href="https://wordpress.org/plugins/elementor/" rel="ugc">Elementor</a>: Use full Yoast SEO functionality inside Elementor’s editor.</li> <li><a href="https://wordpress.org/plugins/wp-search-with-algolia/" rel="ugc">Algolia</a>: Enhance internal search accuracy and performance.</li> <li><a href="https://www.semrush.com/" rel="nofollow ugc">Semrush</a>: Discover and optimize for high-value keywords.</li> <li><a href="https://wincher.com/" rel="nofollow ugc">Wincher</a>: Track keyword positions and trends in Google Search.</li> <li><a href="https://wordpress.org/plugins/jetpack/" rel="ugc">Jetpack</a>: Manage SEO and social previews all in one place.</li> <li><a href="https://en-gb.wordpress.org/plugins/easy-digital-downloads/" rel="nofollow ugc">Easy Digital Downloads (EDD)</a>: Improve digital product visibility with integrated schema.</li> <li><a href="https://mastodon.social/" rel="nofollow ugc">Mastodon</a>: Verify your website on Mastodon with Yoast SEO Premium.</li> <li><a href="https://en-gb.wordpress.org/plugins/woocommerce/" rel="nofollow ugc">WooCommerce</a>: Optimize ecommerce SEO with the dedicated WooCommerce extension.</li> </ul> <h3>Yoast SEO Premium – AI-powered SEO for WordPress</h3> <a href="https://yoa.st/1v8" rel="nofollow ugc">Yoast SEO Premium</a> enhances everything in Yoast SEO with advanced automation, AI tools, and professional support. Trusted by millions, it helps you optimize efficiently for both traditional and AI-driven search. Tackle your SEO challenges: – Keep pace with algorithm and AI search updates. – Target the right audience effectively. – Automate redirects, crawl controls, and internal linking. – Identify orphaned content and improve site structure. – Get support when you need it. Premium highlights: – AI-generated titles and meta descriptions. – Smart internal linking suggestions. – Social previews for Facebook and X. – Redirect Manager with bulk tools and automatic prompts. – Bot Blocker for AI crawlers (GPTBot, CCBot, Google-Extended). – IndexNow integration for fast content updates. – Front-end SEO Inspector for real-time editing. – SEO Workouts to improve orphaned and cornerstone content. – <a href="https://yoa.st/52u" rel="nofollow ugc">Google Docs add-on</a> for seamless SEO writing in Docs. – 24/7 premium support from SEO specialists. Includes at no extra cost: – <a href="https://yoa.st/1uu" rel="nofollow ugc">Yoast Local SEO</a>: Optimize for local audiences and Google Maps. – <a href="https://yoa.st/1uw" rel="nofollow ugc">Yoast Video SEO</a>: Ensure Google understands your videos with video sitemaps and schema. – <a href="https://yoa.st/1uv" rel="nofollow ugc">Yoast News SEO</a>: Increase visibility in Google News and Top Stories. <h3>Yoast WooCommerce SEO – Advanced SEO for Online Stores</h3> Yoast WooCommerce SEO builds on Yoast SEO Premium with ecommerce-specific tools to improve your store’s visibility and conversion potential. Key ecommerce SEO features: – WooCommerce-specific XML sitemap excluding non-shopping content. – Product structured data for enhanced rich results (price, reviews, availability). – Canonical URL management to prevent duplicates. – Ecommerce-focused content analysis for GTINs, SKUs, and short descriptions. – AI Generate for ecommerce – Instantly create optimized titles and meta descriptions for product and category pages. Benefits: – Improve product visibility with automated structured data. – Enhance crawl efficiency for large catalogs. – Save time through metadata templates and automation. – Increase engagement with AI-optimized ecommerce metadata. Built for WooCommerce, trusted by thousands of online stores worldwide. <h3>For Developers</h3> Yoast SEO is built with developers in mind. With modern APIs, hooks, and a unified indexables system, you can extend or integrate SEO functionality across custom themes, plugins, or headless setups. <h3>REST API</h3> Retrieve SEO metadata for any post or URL, including meta tags, Open Graph, Twitter Cards, and Schema.org data. <a href="https://yoa.st/53l" rel="nofollow ugc">Learn more about the REST API</a>. <h3>Surfaces API</h3> Access SEO data directly in code via <code>YoastSEO()->meta->for_current_page()</code>. Supports titles, descriptions, canonicals, and schema. <a href="https://yoa.st/53m" rel="nofollow ugc">Read the Surfaces API documentation</a>. <h3>Metadata API</h3> Use the <a href="https://yoa.st/53n" rel="nofollow ugc">Metadata API</a> to filter, override, or extend meta tags with WordPress hooks such as <code>wpseo_title</code>, <code>wpseo_metadesc</code>, and <code>wpseo_canonical</code>. <h3>Schema API</h3> The <a href="https://yoa.st/53o" rel="nofollow ugc">Schema API</a> lets you modify or extend Schema.org graph pieces, including Article, Organization, Person, Breadcrumb, and WebPage entities. <h3>Block Editor compatibility</h3> Yoast SEO integrates directly with the WordPress Block Editor (Gutenberg). It outputs schema for HowTo and FAQ blocks by default, and developers can extend schema for custom blocks. <h3>Indexables</h3> At the core of Yoast SEO lies the <a href="https://yoa.st/53q" rel="nofollow ugc">indexables system</a>, unifying all SEO data for faster queries and consistent metadata across outputs. <h3>Ongoing support and education</h3> Yoast is powered by expert developers, testers, and SEO specialists who keep improving the plugin. We’re committed to helping users grow their SEO skills with resources such as: <ul> <li><a href="https://yoa.st/3ri" rel="nofollow ugc">Yoast SEO Academy</a>: Free and premium SEO courses (included in all paid plans).</li> <li><a href="https://yoast.com/seo-blog/" rel="nofollow ugc">Yoast SEO blog</a>, newsletter, and webinars.</li> <li><a href="https://yoa.st/53i" rel="nofollow ugc">Yoast SEO Update podcast</a> for the latest SEO insights.</li> <li><a href="https://github.com/Yoast/wordpress-seo" rel="nofollow ugc">Bug reports on GitHub</a> (for issue tracking, not support).</li> </ul> Yoast SEO — built to make search optimization accessible, reliable, and ready for the future of AI search.

WordPress Plugin Directory

963M

Yoast/wordpress-seo

Yoast SEO for WordPress

GitHub

1.96K