{"id":"CVE-2021-24153","details":"A Stored Cross-Site Scripting vulnerability was discovered in the Yoast SEO WordPress plugin before 3.4.1, which had built-in blacklist filters which were blacklisting Parenthesis as well as several functions such as alert but bypasses were found.","modified":"2026-04-10T05:56:26.909021Z","published":"2021-04-05T19:15:14.560Z","references":[{"type":"ADVISORY","url":"https://plugins.trac.wordpress.org/changeset/1466243/wordpress-seo"},{"type":"ADVISORY","url":"https://wpscan.com/vulnerability/77810044-394d-4314-b9a1-20c7dca726dc"},{"type":"EVIDENCE","url":"https://packetstormsecurity.com/files/138192/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/yoast/wordpress-seo","events":[{"introduced":"0"},{"fixed":"1f22f0756e679d0b474400a6e3c248324d168bdd"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"3.4.1"}]}}],"versions":["1.4.15","1.4.18","1.4.20","1.4.21","1.4.22","1.4.23","1.4.24","1.4.25","1.5.0","1.5.1","1.5.2","1.5.2.1","1.5.2.2","1.5.2.3","1.5.2.4","1.5.5","1.5.5.1","1.5.5.2","1.5.5.3","1.5.6","1.6","1.6.1","1.6.2","1.6.3","1.8-beta","2.0","2.0.1","2.1","2.1.1","2.2","2.2.1","2.3","2.3.1","2.3.2","3.0","3.0.1","3.0.2","3.0.3","3.0.4","3.0.5","3.0.6","3.3.1","3.4"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-24153.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}