Security patch: Yoast SEO Premium 27.6.1

Yoast SEO Premium 27.6.1 is out now. This release contains a security fix affecting the Redirect Manager in Yoast SEO Premium. The good news: the vast majority of users are not impacted. If you’re a customer of Yoast SEO Premium, Yoast WooCommerce SEO, or Yoast SEO AI+, please read on. 

Are you affected? 

The vast majority of customers are not impacted. Your site is only potentially at risk if all three of the following are true: 

  • You are using a plan that includes the Yoast SEO Premium plugin. This includes Yoast SEO Premium, Yoast WooCommerce SEO, and Yoast SEO AI+ 
  • Your server runs Apache and you have manually changed your redirect method to write to .htaccess. If you’re using the default PHP-based redirects, you are not affected 
  • A user with the edit_posts capability has access to your site. Without this, the vulnerability cannot be exploited even if the other conditions are met 

What was the issue? 

An authenticated user could inject unexpected configuration into a site’s .htaccess file by including special characters in a redirect. Depending on what was injected, this could range from a site crash to, in the most serious cases, remote code execution.  

We have reviewed a sample of sites using the affected configuration and found no evidence of exploitation. There are no known cases of abuse. 

What’s fixed 

The patch includes three layers of protection: 

  • Input sanitization: control characters are now stripped from redirect fields before they’re saved 
  • Removed unused code: the specific endpoint involved in the vulnerability has been removed, as it was no longer used by the plugin anyway 
  • In-plugin warning: we’ve added a proactive notification that will alert you if anything unusual is detected in your redirects or .htaccess file, so you can review and act quickly without the need to go looking for it 
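
To illustrate the sanitization and detection layers described above, here is an added example (not Yoast's code) that audits a list of redirects for control characters and shows the stripped form of each flagged field. The record layout, the function names and the use of Unicode category Cc as the definition of "control character" are assumptions; the announcement does not say exactly which characters the plugin strips.

```python
import unicodedata

# Constructed sample records (origin, target); not taken from any real site.
SAMPLE_REDIRECTS = [
    ("/old-page", "/new-page"),
    ("/summer-sale", "/shop/sale\r\n# constructed extra line"),
    ("/tab\there", "/docs"),
    ("/café", "/cafe"),  # legitimate non-ASCII must not be flagged
]


def control_chars(value):
    """Return (index, codepoint) for every Unicode control character (category Cc)."""
    return [(i, f"U+{ord(ch):04X}") for i, ch in enumerate(value)
            if unicodedata.category(ch) == "Cc"]


def strip_control_chars(value):
    """Sanitized form: the same string with every control character removed."""
    return "".join(ch for ch in value if unicodedata.category(ch) != "Cc")


def audit_redirects(redirects):
    """Flag each redirect field that contains control characters."""
    findings = []
    for row, (origin, target) in enumerate(redirects):
        for field, value in (("origin", origin), ("target", target)):
            hits = control_chars(value)
            if hits:
                findings.append({
                    "row": row,
                    "field": field,
                    "chars": hits,
                    "sanitized": strip_control_chars(value),
                    # A CR or LF is the serious case: in a line-oriented file
                    # such as .htaccess it ends the current line.
                    "breaks_line": any(cp in ("U+000A", "U+000D") for _, cp in hits),
                })
    return findings


if __name__ == "__main__":
    for finding in audit_redirects(SAMPLE_REDIRECTS):
        print(finding)
```

Any finding with `breaks_line` set deserves a manual look at both the stored redirect and the .htaccess file itself.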

What you should do 

Please update to 27.6.1 from the WordPress plugins screen. Your Admin can do this in under two minutes. 

If you meet all three conditions above, we recommend updating as soon as possible. If you don’t, the security fix doesn’t apply to your setup, but keeping your plugins current is always good practice, and 27.6.1 is the version we recommend for everyone. 

If you’re unsure whether you’re affected, check your redirect settings directly at [www.yoursite.com]/wp-admin/admin.php?page=wpseo_redirects#/redirect-method. If you don’t see .htaccess mode enabled, you’re not at risk. 

A full security advisory will be published soon. If you have any questions or concerns in the meantime, our support team is here to help you. 

Thank you for your continued trust in Yoast. 

Three new tasks, better navigation, and a bug fix in the Yoast SEO Task List 

We launched the Yoast SEO Task List in December to give you a clear, actionable to-do list for your site’s SEO. In this update, we’ve added two new tasks, improved how you navigate to fixes, and resolved a bug that was showing tasks in the wrong language. 

A quick recap: what does the Task List do? 

The Task List scans your site and surfaces specific content that needs attention, ranked by priority with an estimated time to fix. Instead of guessing what to work on next, you click a task and Yoast takes you directly to the right place to make the improvement. Think of it as a personal SEO assistant that knows your site. 

What’s new in this update 

New task: improve your meta descriptions 

Meta descriptions are the short snippets that appear under your page title in Google search results. They don’t directly affect rankings; however, they have a significant impact on whether someone clicks your link. The Task List will now flag recent posts where the meta description is missing or could be stronger, and point you to where you can fix it. Premium users can use the AI Generate button to write one in seconds. 

New task: delete your sample page 

Every new WordPress site comes with a default “Sample Page” that most people never delete. It adds no value and can create unnecessary noise for search engines. The Task List will now remind you to remove it if it’s still there. It’s a two-minute job that’s easy to overlook. 

New task: set social sharing images  

Available with Yoast SEO Premium, Yoast WooCommerce SEO, and Yoast SEO AI+

When someone shares your content on Facebook or X, the image that appears alongside it can make a real difference to whether people click. The Task List will now remind you to set a custom social sharing image for your posts and pages, so your content looks its best every time it gets shared. 

Go directly to the right place in the editor 

Previously, clicking a task would open the post editor and leave you to find the right section yourself. Now, Yoast takes you to the exact part of the editor you need: the SEO tab, the readability panel, or the meta description field. Less scrolling, faster fixing. 

Bug fix: tasks now appear in your language 

We fixed a bug where task descriptions were showing up in the site’s language rather than the logged-in user’s language. If you manage a multilingual site, or your personal language settings differ from your site’s default, tasks will now display correctly for you. 

Also in this release 

  • We’ve added a new Yoast tab to the WordPress Plugins screen that groups all your installed Yoast plugins in one place. This requires WordPress 7.0+. 
  • We fixed a bug where alt text changes made via the inline image editor in How-to and FAQ blocks weren’t saving correctly to the frontend. Thanks to @param-chandarana for the report. 

What’s coming next 

We’re continuing to expand the Task List with improvements that surface high-impact changes specific to your content. Users of paid plans will see additional tasks in upcoming releases.

Update to Yoast SEO 27.4 to get these improvements automatically, or download the latest version from the WordPress plugin directory.