CVE-2025-14481 in SEO PluginИнформация

Сводка

по MITRE • 27.05.2026

The Yoast SEO plugin for WordPress is vulnerable to Insecure Direct Object References in all versions up to, and including, 26.5. This is due to insufficient authorization checks in the Meta Search REST API endpoint that fail to verify post ownership. This makes it possible for authenticated attackers, with Contributor-level access and above, to read sensitive SEO metadata from any post on the site via the 'post_id' parameter, including posts owned by other users, private posts, and draft posts.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Ответственный

Wordfence

Резервировать

10.12.2025

Раскрытие

27.05.2026

Модерация

принято

Вход

VDB-365876

CPE

готов

CWE

CWE-862 (Подтверждённый)

CVSS

4.3 (CNA)

EPSS

0.00032

KEV

Нет

Деятельности

Очень низкий

Сектор

Hostingprovider

Источники

MITRE	https://www.cve.org/CVERecord?id=CVE-2025-14481
NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-14481
CVE Details	https://www.cvedetails.com/cve/CVE-2025-14481/

◂ Предыдущий Обзор Далее ▸

Might our Artificial Intelligence support you?

Check our Alexa App!