Unauthorized Private Content Disclosure in Slim SEO Plugin for WordPress
CVE-2026-12408
4.3 MEDIUM
Key Information:
- Vendor: WordPress
- CVE Published: 1 July 2026
What is CVE-2026-12408?
The Slim SEO plugin for WordPress contains a vulnerability in the /wp-json/slim-seo/meta-tags/ai REST API endpoint that authenticated attackers with Contributor-level access and above can exploit. Because the endpoint's permission checks are insufficient, these attackers can retrieve AI-generated summaries of private, draft, pending, and password-protected posts belonging to other users. The result is unauthorized disclosure of sensitive content, so site owners should be aware of the issue and take preventive action.
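The missing control described above is an object-level authorization check in the REST route's permission callback. The following is an added illustration, not Slim SEO's code: the `example-seo/v1` route, the `post_id` parameter, the `example_*` function names and the shape of the weak check are all assumptions.

```php
<?php
// Added illustration; not the plugin's code. Route, parameter and
// function names are hypothetical.

// Weak (assumed shape): a role-level check. Any user who can create posts
// (Contributor and above) passes, no matter whose post the request names.
function example_weak_permission( WP_REST_Request $request ) {
    return current_user_can( 'edit_posts' );
}

// Hardened: authorize against the specific post being summarized.
function example_object_permission( WP_REST_Request $request ) {
    $post = get_post( (int) $request->get_param( 'post_id' ) );
    if ( ! $post ) {
        return new WP_Error( 'rest_post_invalid_id', 'Invalid post ID.', array( 'status' => 404 ) );
    }
    // 'edit_post' is a meta capability: WordPress maps it to
    // edit_others_posts, edit_private_posts, etc. based on the post's
    // author and status, so a Contributor fails for other users' draft,
    // pending, private and password-protected posts.
    if ( ! current_user_can( 'edit_post', $post->ID ) ) {
        return new WP_Error(
            'rest_forbidden',
            'You cannot access this post.',
            array( 'status' => rest_authorization_required_code() )
        );
    }
    return true;
}

function example_generate_summary( WP_REST_Request $request ) {
    $post = get_post( (int) $request->get_param( 'post_id' ) );
    // Stand-in for the summarization step: return a trimmed excerpt.
    $text = wp_trim_words( wp_strip_all_tags( $post->post_content ), 40 );
    return rest_ensure_response( array( 'summary' => $text ) );
}

add_action( 'rest_api_init', function () {
    register_rest_route( 'example-seo/v1', '/summary', array(
        'methods'             => 'POST',
        'callback'            => 'example_generate_summary',
        'permission_callback' => 'example_object_permission',
        'args'                => array(
            'post_id' => array( 'required' => true, 'type' => 'integer' ),
        ),
    ) );
} );
```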
Affected Version(s)
Slim SEO – A Fast & Automated SEO Plugin For WordPress 0 <= 4.9.8