[TYPO3-announce] [Ticket#2021042710000045] Vulnerabilities in multiple third party TYPO3 CMS extensions

Dear TYPO3 users,

several vulnerabilities have been found in the following third party TYPO3

"2 Clicks for External Media" (media2click)
"Dynamic Content Element" (dce)
"Yoast SEO for TYPO3" (yoast_seo)
"Bootstrap Package" (bootstrap_package)

For further information on the issues, please read the related advisories
TYPO3-EXT-SA-2021-004, TYPO3-EXT-SA-2021-005, TYPO3-EXT-SA-2021-006 and
TYPO3-EXT-SA-2021-007 which were published today:

TYPO3-EXT-SA-2021-004: Cross-Site Scripting in extension "2 Clicks for
External Media" (media2click)

TYPO3-EXT-SA-2021-005: SQL Injection in extension "Dynamic Content Element"

TYPO3-EXT-SA-2021-006: Server-side request forgery in extension "Yoast SEO for
TYPO3" (yoast_seo)

TYPO3-EXT-SA-2021-007: Cross-Site Scripting in extension "Bootstrap Package"

In general the TYPO3 Security Team recommends to read the following pages:

The TYPO3 Security Guide:

Make sure you are subscribed to the TYPO3 Announce List:

See all TYPO3 security advisories:


Torben Hansen
Member of the TYPO3 Security Team