Arbitrary Command Execution
Affecting yoast/wordpress-seo package, versions <9.2.0
yoast/wordpress-seo is a Yoast SEO for WordPress.
Affected versions of this package are vulnerable to Arbitrary Command Execution due to a race condition via the
admin/import/class-import-settings.php path in
unzip_file. A SEO Manager could perform command execution on the Operating System via a ZIP import.
yoast/wordpress-seo to version 9.2.0 or higher.