📄 Clicky by Yoast 1.4.3 Cross Site Scripting_PACKETSTORM:214751

Description

Multiple persistent cross site scripting vulnerabilities exist in Clicky by Yoast WordPress Plugin version 1.4.3. This issue is older research added to the archive...

Visit Original Source

Basic Information

ID PACKETSTORM:214751

Published Feb 2, 2026 at 00:00

Affected Product

Affected Versions Clicky by Yoast 1.4.3 - Multiple Stored Cross-site Scripting
Advisory ID: RO-16-006
Severity: Medium
Vendor: Yoast
Product: Clicky by Yoast
Version: 1.4.3

Overview #

Multiple Stored Cross-site Scripting (XSS) vulnerabilities exist in Clicky by Yoast WordPress Plugin version 1.4.3.

Vulnerability Details #

Affected Versions: 1.4.3 and earlier

Root Cause: Insufficient input validation in plugin settings page.
Technical Details #

Vulnerable URL: /wp-admin/options-general.php?page=clicky

Vulnerable Parameters (POST):

admin_site_key
site_id
site_key
outbound_pattern

Attack Pattern:

'" onmouseover=alert(0x000136)

Exploitation Requirements #

Admin authentication required
Stored XSS persists in settings

Impact #

Remote attackers can exploit these vulnerabilities to:

Steal admin session cookies
Perform administrative actions
Persistently compromise the WordPress admin panel

Solution #

Update to the latest version. See Yoast SEO changelog.

References #

Invicti Advisory NS-16-008

Timeline:

[2016-06-29] - First Contact
[2016-07-01] - Vendor Replied
[2016-07-27] - Advisory Released

Credits: Omar Kurt

{
    "lastseen": "2026-02-02T18:31:34",
    "description": "Multiple persistent cross site scripting vulnerabilities exist in Clicky by Yoast WordPress Plugin version 1.4.3. This issue is older research added to the archive...",
    "published": "2026-02-02T00:00:00",
    "modified": "2026-02-02T00:00:00",
    "type": "packetstorm",
    "title": "\ud83d\udcc4 Clicky by Yoast 1.4.3 Cross Site Scripting",
    "source": "",
    "references": "",
    "id": "PACKETSTORM:214751",
    "bulletinFamily": "exploit",
    "cwe": null,
    "cvelist": [],
    "sourceData": "Clicky by Yoast 1.4.3 - Multiple Stored Cross-site Scripting\n    Advisory ID: RO-16-006\n    Severity: Medium\n    Vendor: Yoast\n    Product: Clicky by Yoast\n    Version: 1.4.3\n    \n    \n    Overview #\n    \n    Multiple Stored Cross-site Scripting (XSS) vulnerabilities exist in Clicky by Yoast WordPress Plugin version 1.4.3.\n    \n    \n    Vulnerability Details #\n    \n    Affected Versions: 1.4.3 and earlier\n    \n    Root Cause: Insufficient input validation in plugin settings page.\n    Technical Details #\n    \n    Vulnerable URL: /wp-admin/options-general.php?page=clicky\n    \n    Vulnerable Parameters (POST):\n    \n        admin_site_key\n        site_id\n        site_key\n        outbound_pattern\n    \n    Attack Pattern:\n    \n    '\" onmouseover=alert(0x000136)\n    \n    \n    \n    Exploitation Requirements #\n    \n        Admin authentication required\n        Stored XSS persists in settings\n    \n    Impact #\n    \n    Remote attackers can exploit these vulnerabilities to:\n    \n        Steal admin session cookies\n        Perform administrative actions\n        Persistently compromise the WordPress admin panel\n    \n    \n    \n    Solution #\n    \n    Update to the latest version. See Yoast SEO changelog.\n    \n    \n    References #\n    \n        Invicti Advisory NS-16-008\n    \n    Timeline:\n    \n        [2016-06-29] - First Contact\n        [2016-07-01] - Vendor Replied\n        [2016-07-27] - Advisory Released\n    \n    Credits: Omar Kurt",
    "sourceHref": "https://packetstorm.news/download/214751",
    "cvss": {
        "score": 0,
        "severity": "NONE",
        "vector": "NONE",
        "version": "NONE"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "https://packetstorm.news/files/id/214751/",
    "category_name": "Exploit",
    "post_link": "",
    "product": "",
    "version": "",
    "vendor": "",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Description

Basic Information

Affected Product

💭 Join the Security Discussion ❌ Cancel Reply