Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for Slim SEO – A Fast & Automated SEO Plugin For WordPress by rilwis

    CVE-2026-12408 (GCVE-0-2026-12408)

    Vulnerability from nvd – Published: 2026-07-01 07:53 – Updated: 2026-07-01 10:32
    VLAI
    Title
    Slim SEO <= 4.9.8 - Authenticated (Contributor+) Insufficient Authorization to Private Content Disclosure via 'object.ID' Parameter
    Summary
    The Slim SEO – A Fast & Automated SEO Plugin For WordPress plugin for WordPress is vulnerable to Unauthorized Private Content Disclosure in all versions up to, and including, 4.9.8 via the `/wp-json/slim-seo/meta-tags/ai` REST API endpoint. This is due to the endpoint's `permission_callback` performing only a top-level `edit_posts` capability check without verifying that the requesting user has read access to the specific post supplied via the `object.ID` parameter, allowing the `generate` function to pass the attacker-controlled post ID to `Data::get_post_content()`, which calls `get_post()` regardless of post status or ownership. This makes it possible for authenticated attackers with Contributor-level access and above to retrieve AI-generated summaries of the raw `post_content` of arbitrary posts they are not authorized to view — including private posts, drafts, pending, future, and password-protected content authored by other users — with the substance of the protected content disclosed via the HTTP response.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Credits
    Abu Hurayra (HurayraIIT)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-12408",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T10:26:19.995105Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T10:32:04.144Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Slim SEO \u2013 A Fast \u0026 Automated SEO Plugin For WordPress",
              "vendor": "rilwis",
              "versions": [
                {
                  "lessThanOrEqual": "4.9.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Abu Hurayra (HurayraIIT)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Slim SEO \u2013 A Fast \u0026 Automated SEO Plugin For WordPress plugin for WordPress is vulnerable to Unauthorized Private Content Disclosure in all versions up to, and including, 4.9.8 via the `/wp-json/slim-seo/meta-tags/ai` REST API endpoint. This is due to the endpoint\u0027s `permission_callback` performing only a top-level `edit_posts` capability check without verifying that the requesting user has read access to the specific post supplied via the `object.ID` parameter, allowing the `generate` function to pass the attacker-controlled post ID to `Data::get_post_content()`, which calls `get_post()` regardless of post status or ownership. This makes it possible for authenticated attackers with Contributor-level access and above to retrieve AI-generated summaries of the raw `post_content` of arbitrary posts they are not authorized to view \u2014 including private posts, drafts, pending, future, and password-protected content authored by other users \u2014 with the substance of the protected content disclosed via the HTTP response."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T07:53:37.500Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6e6603a0-8f35-49fb-a517-ba6344538c4d?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/slim-seo/tags/4.9.8/src/MetaTags/AI.php#L55"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/slim-seo/tags/4.9.8/src/MetaTags/AI.php#L21"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/slim-seo/tags/4.9.8/src/MetaTags/Data.php#L117"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/slim-seo/tags/4.9.5/src/MetaTags/AI.php#L55"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/slim-seo/tags/4.9.5/src/MetaTags/AI.php#L21"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/slim-seo/tags/4.9.5/src/MetaTags/Data.php#L117"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3576523%40slim-seo\u0026new=3576523%40slim-seo\u0026sfp_email=\u0026sfph_mail="
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-16T14:52:13.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2026-06-30T19:21:44.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Slim SEO \u003c= 4.9.8 - Authenticated (Contributor+) Insufficient Authorization to Private Content Disclosure via \u0027object.ID\u0027 Parameter"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2026-12408",
        "datePublished": "2026-07-01T07:53:37.500Z",
        "dateReserved": "2026-06-16T14:37:03.010Z",
        "dateUpdated": "2026-07-01T10:32:04.144Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-4611 (GCVE-0-2025-4611)

    Vulnerability from nvd – Published: 2025-05-21 09:21 – Updated: 2026-04-08 16:57
    VLAI
    Title
    Slim SEO <= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via slim_seo_breadcrumbs Shortcode
    Summary
    The Slim SEO – Fast & Automated WordPress SEO Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's slim_seo_breadcrumbs shortcode in all versions up to, and including, 4.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Credits
    Muhammad Yudha - DJ
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-4611",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-21T10:11:25.640524Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-21T10:15:51.279Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Slim SEO \u2013 A Fast \u0026 Automated SEO Plugin For WordPress",
              "vendor": "rilwis",
              "versions": [
                {
                  "lessThanOrEqual": "4.5.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Muhammad Yudha - DJ"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Slim SEO \u2013 Fast \u0026 Automated WordPress SEO Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin\u0027s slim_seo_breadcrumbs shortcode in all versions up to, and including, 4.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T16:57:13.520Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6318a1cf-716f-450c-a1c2-497de8095daa?source=cve"
            },
            {
              "url": "https://wordpress.org/plugins/slim-seo/#developers"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/slim-seo/tags/4.5.3/src/Breadcrumbs.php#L37"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/slim-seo/tags/4.5.3/src/Breadcrumbs.php#L85"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/slim-seo/tags/4.5.3/src/Breadcrumbs.php#L109"
            },
            {
              "url": "https://github.com/elightup/slim-seo/commit/b475dceff3a6bd94335d5a79eb12cdd92e2c8350"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3296099/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-05-20T20:50:49.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Slim SEO \u003c= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via slim_seo_breadcrumbs Shortcode"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2025-4611",
        "datePublished": "2025-05-21T09:21:50.279Z",
        "dateReserved": "2025-05-12T21:07:05.283Z",
        "dateUpdated": "2026-04-08T16:57:13.520Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-12408 (GCVE-0-2026-12408)

    Vulnerability from cvelistv5 – Published: 2026-07-01 07:53 – Updated: 2026-07-01 10:32
    VLAI
    Title
    Slim SEO <= 4.9.8 - Authenticated (Contributor+) Insufficient Authorization to Private Content Disclosure via 'object.ID' Parameter
    Summary
    The Slim SEO – A Fast & Automated SEO Plugin For WordPress plugin for WordPress is vulnerable to Unauthorized Private Content Disclosure in all versions up to, and including, 4.9.8 via the `/wp-json/slim-seo/meta-tags/ai` REST API endpoint. This is due to the endpoint's `permission_callback` performing only a top-level `edit_posts` capability check without verifying that the requesting user has read access to the specific post supplied via the `object.ID` parameter, allowing the `generate` function to pass the attacker-controlled post ID to `Data::get_post_content()`, which calls `get_post()` regardless of post status or ownership. This makes it possible for authenticated attackers with Contributor-level access and above to retrieve AI-generated summaries of the raw `post_content` of arbitrary posts they are not authorized to view — including private posts, drafts, pending, future, and password-protected content authored by other users — with the substance of the protected content disclosed via the HTTP response.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Credits
    Abu Hurayra (HurayraIIT)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-12408",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T10:26:19.995105Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T10:32:04.144Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Slim SEO \u2013 A Fast \u0026 Automated SEO Plugin For WordPress",
              "vendor": "rilwis",
              "versions": [
                {
                  "lessThanOrEqual": "4.9.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Abu Hurayra (HurayraIIT)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Slim SEO \u2013 A Fast \u0026 Automated SEO Plugin For WordPress plugin for WordPress is vulnerable to Unauthorized Private Content Disclosure in all versions up to, and including, 4.9.8 via the `/wp-json/slim-seo/meta-tags/ai` REST API endpoint. This is due to the endpoint\u0027s `permission_callback` performing only a top-level `edit_posts` capability check without verifying that the requesting user has read access to the specific post supplied via the `object.ID` parameter, allowing the `generate` function to pass the attacker-controlled post ID to `Data::get_post_content()`, which calls `get_post()` regardless of post status or ownership. This makes it possible for authenticated attackers with Contributor-level access and above to retrieve AI-generated summaries of the raw `post_content` of arbitrary posts they are not authorized to view \u2014 including private posts, drafts, pending, future, and password-protected content authored by other users \u2014 with the substance of the protected content disclosed via the HTTP response."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T07:53:37.500Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6e6603a0-8f35-49fb-a517-ba6344538c4d?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/slim-seo/tags/4.9.8/src/MetaTags/AI.php#L55"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/slim-seo/tags/4.9.8/src/MetaTags/AI.php#L21"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/slim-seo/tags/4.9.8/src/MetaTags/Data.php#L117"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/slim-seo/tags/4.9.5/src/MetaTags/AI.php#L55"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/slim-seo/tags/4.9.5/src/MetaTags/AI.php#L21"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/slim-seo/tags/4.9.5/src/MetaTags/Data.php#L117"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3576523%40slim-seo\u0026new=3576523%40slim-seo\u0026sfp_email=\u0026sfph_mail="
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-16T14:52:13.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2026-06-30T19:21:44.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Slim SEO \u003c= 4.9.8 - Authenticated (Contributor+) Insufficient Authorization to Private Content Disclosure via \u0027object.ID\u0027 Parameter"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2026-12408",
        "datePublished": "2026-07-01T07:53:37.500Z",
        "dateReserved": "2026-06-16T14:37:03.010Z",
        "dateUpdated": "2026-07-01T10:32:04.144Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-4611 (GCVE-0-2025-4611)

    Vulnerability from cvelistv5 – Published: 2025-05-21 09:21 – Updated: 2026-04-08 16:57
    VLAI
    Title
    Slim SEO <= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via slim_seo_breadcrumbs Shortcode
    Summary
    The Slim SEO – Fast & Automated WordPress SEO Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's slim_seo_breadcrumbs shortcode in all versions up to, and including, 4.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Credits
    Muhammad Yudha - DJ
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-4611",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-21T10:11:25.640524Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-21T10:15:51.279Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Slim SEO \u2013 A Fast \u0026 Automated SEO Plugin For WordPress",
              "vendor": "rilwis",
              "versions": [
                {
                  "lessThanOrEqual": "4.5.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Muhammad Yudha - DJ"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Slim SEO \u2013 Fast \u0026 Automated WordPress SEO Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin\u0027s slim_seo_breadcrumbs shortcode in all versions up to, and including, 4.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T16:57:13.520Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6318a1cf-716f-450c-a1c2-497de8095daa?source=cve"
            },
            {
              "url": "https://wordpress.org/plugins/slim-seo/#developers"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/slim-seo/tags/4.5.3/src/Breadcrumbs.php#L37"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/slim-seo/tags/4.5.3/src/Breadcrumbs.php#L85"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/slim-seo/tags/4.5.3/src/Breadcrumbs.php#L109"
            },
            {
              "url": "https://github.com/elightup/slim-seo/commit/b475dceff3a6bd94335d5a79eb12cdd92e2c8350"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3296099/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-05-20T20:50:49.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Slim SEO \u003c= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via slim_seo_breadcrumbs Shortcode"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2025-4611",
        "datePublished": "2025-05-21T09:21:50.279Z",
        "dateReserved": "2025-05-12T21:07:05.283Z",
        "dateUpdated": "2026-04-08T16:57:13.520Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }