{"id":"CVE-2026-3427","summary":"Yoast SEO \u003c= 27.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'jsonText' Block Attribute","details":"The Yoast SEO – Advanced SEO with real-time guidance and built-in AI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the `jsonText` block attribute in all versions up to, and including, 27.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","modified":"2026-07-08T08:12:50.181868120Z","published":"2026-03-22T03:26:35.127Z","database_specific":{"cwe_ids":["CWE-79"],"cna_assigner":"Wordfence","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/3xxx/CVE-2026-3427.json"},"references":[{"type":"WEB","url":"https://plugins.trac.wordpress.org/browser/wordpress-seo/tags/27.0/inc/class-wpseo-utils.php#L915"},{"type":"WEB","url":"https://plugins.trac.wordpress.org/browser/wordpress-seo/tags/27.0/src/generators/schema/howto.php#L125"},{"type":"WEB","url":"https://plugins.trac.wordpress.org/changeset/3475308/wordpress-seo"},{"type":"WEB","url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/fee1fef5-5716-49e0-a04e-d0dae527fcfc?source=cve"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/3xxx/CVE-2026-3427.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3427"},{"type":"FIX","url":"https://github.com/Yoast/wordpress-seo/pull/23035"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/yoast/wordpress-seo","events":[{"introduced":"0"},{"last_affected":"c4082427f1645be0b2e7d8534b588670dc2050ef"}],"database_specific":{"source":"AFFECTED_FIELD","extracted_events":[{"introduced":"0"},{"last_affected":"27.1.1"}]}}],"versions":["27.1.1","27.1","27.0","26.9","26.8","26.7","26.6","26.5","26.4","26.3","26.2","26.1.1","26.1","26.0","25.9","25.8","25.7","25.6","25.5","25.4","25.3.1","25.3","25.2","25.1","25.0","24.9","24.8.1","24.8","24.7","24.6","24.5","24.4","24.3","24.2","24.1","24.0","23.9","23.8","23.7","23.6","23.5","23.4","23.3","23.2","23.1","23.0","22.9","22.8","22.7","22.6","22.5","22.4","22.3","22.2","22.1","22.0","21.9.1","21.9","21.8.1","21.8","21.7","21.6","21.5","21.4","21.3","21.2","21.1","21.0","20.13","20.12","20.11","20.10","20.9","20.8","20.7","20.6","20.5","20.4","20.3","20.2.1","20.2","20.1","20.0","19.14","19.13","19.12","19.11","19.10","19.9","19.8","19.7.2","19.7.1","19.7","19.6.1","19.6","19.5.1","19.5","19.4","19.3","19.2","19.1","18.9","19.0","18.8","18.7","18.6","18.5.1","18.5","18.4.1","18.3","18.2","18.1","18.0","17.9","17.8","17.7.1","17.7","17.6","17.5","17.4","17.3","17.2.1","17.2","17.1","17.0","16.9","16.8","16.7","16.6.1","16.6","16.5","16.4","16.3","16.2","16.1.1","16.1","16.0.2","16.0.1","16.0","15.9.2","15.9.1","15.9","15.8.1-RC1","15.8","15.7","15.6.2","15.6.1","15.6","15.5","15.4","15.3","15.2.1","15.2","15.1.1","15.1","15.0","14.9","14.8.1","14.8","14.7","14.6.1","14.6","14.5","14.4.1","14.4","14.3","14.2","14.1","14.0.4","14.0.3","14.0.2","14.0.1","14.0","13.5","13.4","13.3","13.2","13.1","13.0","12.9.1","12.9","12.8.1","12.8","12.7.1","12.7","12.6.2","12.6.1","12.6","12.5.1","12.5","12.4","12.3","12.2","12.1","12.0","11.9","11.8","11.7","11.6","11.5","11.4","11.3","11.2.1","11.2","11.1.1","11.1","11.0","10.1.3","10.1.2","10.1.1","10.1","10.0.1","10.0","9.7","9.6","9.0.2","9.5","9.4","9.3","9.2.1","9.2","9.1","9.0.3","9.0.1","9.0","8.4","8.3","8.2.1","8.2","8.1.2","8.1.1","8.1","8.0","7.9.1","7.9","7.8","7.7.3","7.7.2","7.7.1","7.7","7.6.1","7.6","7.5.3","7.5.1","7.5","7.4.2","7.4.1","7.4","7.3","7.2","7.1","7.0.3","7.0.2","7.0.1","7.0","6.3.1","6.3","6.2","6.1.1","6.1","6.0","5.9.3","5.9.2","5.9.1","5.9","5.8","5.7.1","5.7","5.6.1","5.6","5.5.1","5.5","5.4.2","5.4.1","5.4.0","5.3.3","5.3.2","5.3.1","5.3","5.2","5.1","4.9","4.8","4.7","4.6","4.5","3.7.0","3.4","3.3.1","3.0.6","3.0.5","3.0.4","3.0.3","3.0.2","3.0.1","3.0","2.3.2","2.3.1","2.3","2.2.1","2.2","2.1.1","2.1","2.0.1","2.0","1.8-beta","1.6.3","1.6.2","1.6.1","1.6","1.5.6","1.5.5.3","1.5.5.2","1.5.5.1","1.5.5","1.5.2.4","1.5.2.3","1.5.2.2","1.5.2.1","1.5.2","1.5.1","1.5.0","1.4.25","1.4.24","1.4.23","1.4.22","1.4.21","1.4.20","1.4.18","1.4.15"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-3427.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"}]}