Search
Find a vulnerability
Search criteria
4 vulnerabilities found for Slim SEO – A Fast & Automated SEO Plugin For WordPress by rilwis
CVE-2026-12408 (GCVE-0-2026-12408)
Vulnerability from nvd – Published: 2026-07-01 07:53 – Updated: 2026-07-01 10:32
VLAI
EPSS
VEX
Title
Slim SEO <= 4.9.8 - Authenticated (Contributor+) Insufficient Authorization to Private Content Disclosure via 'object.ID' Parameter
Summary
The Slim SEO – A Fast & Automated SEO Plugin For WordPress plugin for WordPress is vulnerable to Unauthorized Private Content Disclosure in all versions up to, and including, 4.9.8 via the `/wp-json/slim-seo/meta-tags/ai` REST API endpoint. This is due to the endpoint's `permission_callback` performing only a top-level `edit_posts` capability check without verifying that the requesting user has read access to the specific post supplied via the `object.ID` parameter, allowing the `generate` function to pass the attacker-controlled post ID to `Data::get_post_content()`, which calls `get_post()` regardless of post status or ownership. This makes it possible for authenticated attackers with Contributor-level access and above to retrieve AI-generated summaries of the raw `post_content` of arbitrary posts they are not authorized to view — including private posts, drafts, pending, future, and password-protected content authored by other users — with the substance of the protected content disclosed via the HTTP response.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
8 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| rilwis | Slim SEO – A Fast & Automated SEO Plugin For WordPress |
Affected:
0 , ≤ 4.9.8
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-12408",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-01T10:26:19.995105Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T10:32:04.144Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Slim SEO \u2013 A Fast \u0026 Automated SEO Plugin For WordPress",
"vendor": "rilwis",
"versions": [
{
"lessThanOrEqual": "4.9.8",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Abu Hurayra (HurayraIIT)"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Slim SEO \u2013 A Fast \u0026 Automated SEO Plugin For WordPress plugin for WordPress is vulnerable to Unauthorized Private Content Disclosure in all versions up to, and including, 4.9.8 via the `/wp-json/slim-seo/meta-tags/ai` REST API endpoint. This is due to the endpoint\u0027s `permission_callback` performing only a top-level `edit_posts` capability check without verifying that the requesting user has read access to the specific post supplied via the `object.ID` parameter, allowing the `generate` function to pass the attacker-controlled post ID to `Data::get_post_content()`, which calls `get_post()` regardless of post status or ownership. This makes it possible for authenticated attackers with Contributor-level access and above to retrieve AI-generated summaries of the raw `post_content` of arbitrary posts they are not authorized to view \u2014 including private posts, drafts, pending, future, and password-protected content authored by other users \u2014 with the substance of the protected content disclosed via the HTTP response."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T07:53:37.500Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6e6603a0-8f35-49fb-a517-ba6344538c4d?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/slim-seo/tags/4.9.8/src/MetaTags/AI.php#L55"
},
{
"url": "https://plugins.trac.wordpress.org/browser/slim-seo/tags/4.9.8/src/MetaTags/AI.php#L21"
},
{
"url": "https://plugins.trac.wordpress.org/browser/slim-seo/tags/4.9.8/src/MetaTags/Data.php#L117"
},
{
"url": "https://plugins.trac.wordpress.org/browser/slim-seo/tags/4.9.5/src/MetaTags/AI.php#L55"
},
{
"url": "https://plugins.trac.wordpress.org/browser/slim-seo/tags/4.9.5/src/MetaTags/AI.php#L21"
},
{
"url": "https://plugins.trac.wordpress.org/browser/slim-seo/tags/4.9.5/src/MetaTags/Data.php#L117"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3576523%40slim-seo\u0026new=3576523%40slim-seo\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-16T14:52:13.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-06-30T19:21:44.000Z",
"value": "Disclosed"
}
],
"title": "Slim SEO \u003c= 4.9.8 - Authenticated (Contributor+) Insufficient Authorization to Private Content Disclosure via \u0027object.ID\u0027 Parameter"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-12408",
"datePublished": "2026-07-01T07:53:37.500Z",
"dateReserved": "2026-06-16T14:37:03.010Z",
"dateUpdated": "2026-07-01T10:32:04.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-4611 (GCVE-0-2025-4611)
Vulnerability from nvd – Published: 2025-05-21 09:21 – Updated: 2026-04-08 16:57
VLAI
EPSS
VEX
Title
Slim SEO <= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via slim_seo_breadcrumbs Shortcode
Summary
The Slim SEO – Fast & Automated WordPress SEO Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's slim_seo_breadcrumbs shortcode in all versions up to, and including, 4.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity
6.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
7 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| rilwis | Slim SEO – A Fast & Automated SEO Plugin For WordPress |
Affected:
0 , ≤ 4.5.3
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4611",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-21T10:11:25.640524Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T10:15:51.279Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Slim SEO \u2013 A Fast \u0026 Automated SEO Plugin For WordPress",
"vendor": "rilwis",
"versions": [
{
"lessThanOrEqual": "4.5.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Muhammad Yudha - DJ"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Slim SEO \u2013 Fast \u0026 Automated WordPress SEO Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin\u0027s slim_seo_breadcrumbs shortcode in all versions up to, and including, 4.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:57:13.520Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6318a1cf-716f-450c-a1c2-497de8095daa?source=cve"
},
{
"url": "https://wordpress.org/plugins/slim-seo/#developers"
},
{
"url": "https://plugins.trac.wordpress.org/browser/slim-seo/tags/4.5.3/src/Breadcrumbs.php#L37"
},
{
"url": "https://plugins.trac.wordpress.org/browser/slim-seo/tags/4.5.3/src/Breadcrumbs.php#L85"
},
{
"url": "https://plugins.trac.wordpress.org/browser/slim-seo/tags/4.5.3/src/Breadcrumbs.php#L109"
},
{
"url": "https://github.com/elightup/slim-seo/commit/b475dceff3a6bd94335d5a79eb12cdd92e2c8350"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3296099/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-05-20T20:50:49.000Z",
"value": "Disclosed"
}
],
"title": "Slim SEO \u003c= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via slim_seo_breadcrumbs Shortcode"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-4611",
"datePublished": "2025-05-21T09:21:50.279Z",
"dateReserved": "2025-05-12T21:07:05.283Z",
"dateUpdated": "2026-04-08T16:57:13.520Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-12408 (GCVE-0-2026-12408)
Vulnerability from cvelistv5 – Published: 2026-07-01 07:53 – Updated: 2026-07-01 10:32
VLAI
EPSS
VEX
Title
Slim SEO <= 4.9.8 - Authenticated (Contributor+) Insufficient Authorization to Private Content Disclosure via 'object.ID' Parameter
Summary
The Slim SEO – A Fast & Automated SEO Plugin For WordPress plugin for WordPress is vulnerable to Unauthorized Private Content Disclosure in all versions up to, and including, 4.9.8 via the `/wp-json/slim-seo/meta-tags/ai` REST API endpoint. This is due to the endpoint's `permission_callback` performing only a top-level `edit_posts` capability check without verifying that the requesting user has read access to the specific post supplied via the `object.ID` parameter, allowing the `generate` function to pass the attacker-controlled post ID to `Data::get_post_content()`, which calls `get_post()` regardless of post status or ownership. This makes it possible for authenticated attackers with Contributor-level access and above to retrieve AI-generated summaries of the raw `post_content` of arbitrary posts they are not authorized to view — including private posts, drafts, pending, future, and password-protected content authored by other users — with the substance of the protected content disclosed via the HTTP response.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
8 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| rilwis | Slim SEO – A Fast & Automated SEO Plugin For WordPress |
Affected:
0 , ≤ 4.9.8
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-12408",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-01T10:26:19.995105Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T10:32:04.144Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Slim SEO \u2013 A Fast \u0026 Automated SEO Plugin For WordPress",
"vendor": "rilwis",
"versions": [
{
"lessThanOrEqual": "4.9.8",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Abu Hurayra (HurayraIIT)"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Slim SEO \u2013 A Fast \u0026 Automated SEO Plugin For WordPress plugin for WordPress is vulnerable to Unauthorized Private Content Disclosure in all versions up to, and including, 4.9.8 via the `/wp-json/slim-seo/meta-tags/ai` REST API endpoint. This is due to the endpoint\u0027s `permission_callback` performing only a top-level `edit_posts` capability check without verifying that the requesting user has read access to the specific post supplied via the `object.ID` parameter, allowing the `generate` function to pass the attacker-controlled post ID to `Data::get_post_content()`, which calls `get_post()` regardless of post status or ownership. This makes it possible for authenticated attackers with Contributor-level access and above to retrieve AI-generated summaries of the raw `post_content` of arbitrary posts they are not authorized to view \u2014 including private posts, drafts, pending, future, and password-protected content authored by other users \u2014 with the substance of the protected content disclosed via the HTTP response."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T07:53:37.500Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6e6603a0-8f35-49fb-a517-ba6344538c4d?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/slim-seo/tags/4.9.8/src/MetaTags/AI.php#L55"
},
{
"url": "https://plugins.trac.wordpress.org/browser/slim-seo/tags/4.9.8/src/MetaTags/AI.php#L21"
},
{
"url": "https://plugins.trac.wordpress.org/browser/slim-seo/tags/4.9.8/src/MetaTags/Data.php#L117"
},
{
"url": "https://plugins.trac.wordpress.org/browser/slim-seo/tags/4.9.5/src/MetaTags/AI.php#L55"
},
{
"url": "https://plugins.trac.wordpress.org/browser/slim-seo/tags/4.9.5/src/MetaTags/AI.php#L21"
},
{
"url": "https://plugins.trac.wordpress.org/browser/slim-seo/tags/4.9.5/src/MetaTags/Data.php#L117"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3576523%40slim-seo\u0026new=3576523%40slim-seo\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-16T14:52:13.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-06-30T19:21:44.000Z",
"value": "Disclosed"
}
],
"title": "Slim SEO \u003c= 4.9.8 - Authenticated (Contributor+) Insufficient Authorization to Private Content Disclosure via \u0027object.ID\u0027 Parameter"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-12408",
"datePublished": "2026-07-01T07:53:37.500Z",
"dateReserved": "2026-06-16T14:37:03.010Z",
"dateUpdated": "2026-07-01T10:32:04.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-4611 (GCVE-0-2025-4611)
Vulnerability from cvelistv5 – Published: 2025-05-21 09:21 – Updated: 2026-04-08 16:57
VLAI
EPSS
VEX
Title
Slim SEO <= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via slim_seo_breadcrumbs Shortcode
Summary
The Slim SEO – Fast & Automated WordPress SEO Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's slim_seo_breadcrumbs shortcode in all versions up to, and including, 4.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity
6.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
7 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| rilwis | Slim SEO – A Fast & Automated SEO Plugin For WordPress |
Affected:
0 , ≤ 4.5.3
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4611",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-21T10:11:25.640524Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T10:15:51.279Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Slim SEO \u2013 A Fast \u0026 Automated SEO Plugin For WordPress",
"vendor": "rilwis",
"versions": [
{
"lessThanOrEqual": "4.5.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Muhammad Yudha - DJ"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Slim SEO \u2013 Fast \u0026 Automated WordPress SEO Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin\u0027s slim_seo_breadcrumbs shortcode in all versions up to, and including, 4.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:57:13.520Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6318a1cf-716f-450c-a1c2-497de8095daa?source=cve"
},
{
"url": "https://wordpress.org/plugins/slim-seo/#developers"
},
{
"url": "https://plugins.trac.wordpress.org/browser/slim-seo/tags/4.5.3/src/Breadcrumbs.php#L37"
},
{
"url": "https://plugins.trac.wordpress.org/browser/slim-seo/tags/4.5.3/src/Breadcrumbs.php#L85"
},
{
"url": "https://plugins.trac.wordpress.org/browser/slim-seo/tags/4.5.3/src/Breadcrumbs.php#L109"
},
{
"url": "https://github.com/elightup/slim-seo/commit/b475dceff3a6bd94335d5a79eb12cdd92e2c8350"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3296099/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-05-20T20:50:49.000Z",
"value": "Disclosed"
}
],
"title": "Slim SEO \u003c= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via slim_seo_breadcrumbs Shortcode"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-4611",
"datePublished": "2025-05-21T09:21:50.279Z",
"dateReserved": "2025-05-12T21:07:05.283Z",
"dateUpdated": "2026-04-08T16:57:13.520Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}