Impact
The Slim SEO plugin contains a flaw in its /wp-json/slim-seo/meta-tags/ai REST endpoint where the permission callback checks only for the top‑level edit_posts capability. This allows an authenticated user with Contributor or higher access to supply any post ID in the object.ID parameter and receive AI‑generated summaries of that post’s raw content. Because get_post() is called without verifying the requester’s read access, private, draft, pending, future, and password‑protected posts belonging to other authors can be exposed.
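The per-object check that the paragraph above says is missing, as an added example that is not Slim SEO's code or its actual fix. The example/v1 route, the id parameter and the example_* function names are hypothetical, wp_trim_words() stands in for the AI call, and the example assumes the endpoint serves the post editor, so edit_post is the appropriate meta capability.

```php
<?php
// Added example: hypothetical route, parameter and function names; not Slim SEO's code.
add_action( 'rest_api_init', function () {
    register_rest_route( 'example/v1', '/summary', [
        'methods'             => 'POST',
        'callback'            => 'example_summarize_post',
        // Weak form the advisory describes: a site-wide capability that any
        // Contributor holds, regardless of which post is requested:
        //   'permission_callback' => fn() => current_user_can( 'edit_posts' ),
        // Corrected form: decide per requested object.
        'permission_callback' => 'example_can_access_post',
        'args'                => [
            'id' => [ 'required' => true, 'sanitize_callback' => 'absint' ],
        ],
    ] );
} );

// 'edit_post' is a meta capability: map_meta_cap() resolves it against the
// post's author and status, so a Contributor passes for their own drafts but
// not for another author's private, draft, pending, future or protected posts.
function example_get_authorized_post( $post_id ) {
    $post = get_post( (int) $post_id );
    if ( $post && current_user_can( 'edit_post', $post->ID ) ) {
        return $post;
    }
    // Same error for missing and forbidden posts, so IDs cannot be enumerated.
    return new WP_Error( 'rest_forbidden', 'You cannot access this post.',
        [ 'status' => rest_authorization_required_code() ] );
}

function example_can_access_post( WP_REST_Request $request ) {
    $result = example_get_authorized_post( $request['id'] );
    return is_wp_error( $result ) ? $result : true;
}

function example_summarize_post( WP_REST_Request $request ) {
    // Re-check next to get_post() so the read stays guarded if the route changes.
    $post = example_get_authorized_post( $request['id'] );
    if ( is_wp_error( $post ) ) {
        return $post;
    }
    // Stand-in for the AI call: a trimmed plain-text excerpt.
    $summary = wp_trim_words( wp_strip_all_tags( $post->post_content ), 30 );
    return rest_ensure_response( [ 'summary' => $summary ] );
}
```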
Affected Systems
This issue affects all installations of Slim SEO – A Fast & Automated SEO Plugin for WordPress, version 4.9.8 and earlier. Versions later than 4.9.8 contain the fix.
Risk and Exploitability
The CVSS score of 4.3 reflects a moderate risk because exploitation requires authenticated access. The EPSS score is not available, indicating no public data on exploitation prevalence. The vulnerability is not listed in CISA KEV, but many sites already have authenticated Contributor accounts. After authenticating, an attacker can send a crafted GET/POST request containing the desired post ID, causing the plugin to return the raw post content in the response. The impact is disclosure of content that should be hidden from the requesting user.