Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.Project:
Date:
2025-July-16
Vulnerability:
Cross-site Scripting
Affected versions:
>=2.0.0 <2.2.0
CVE IDs:
CVE-2025-7716
Description:
This module enables you to analyze the content that you're authoring for a website. It shows you a preview of what a search result might look like.
The module doesn't sufficiently escape the metadata from content while rendering the preview, opening up the possibility of a XSS attack.
This vulnerability is mitigated by the fact that an attacker must be able to author content that is analyzed by the Real-Time SEO module.
Solution:
Install the latest version:
- Upgrade to yoast_seo 8.x-2.2.
Reported By:
- Pierre Rudloff (prudloff), provisional member of the Drupal Security Team.
Fixed By:
- Alexander Varwijk (kingdutch)
- Pierre Rudloff (prudloff), provisional member of the Drupal Security Team.
Coordinated By:
- Damien McKenna (damienmckenna) of the Drupal Security Team
- Greg Knaddison (greggles) of the Drupal Security Team
- Pierre Rudloff (prudloff), provisional member of the Drupal Security Team
- Jess (xjm) of the Drupal Security Team
