cleantalk
Vulnerabilities and Security Research

Vulnerabilities and security research for slim-seo

Jun 12, 2025

Slim SEO – Fast & Automated WordPress SEO Plugin # CVE-2025-4611

CVE, Research URL

CVE-2025-4611

Date
May 21, 2025
Research Description
The Slim SEO – Fast & Automated WordPress SEO Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's slim_seo_breadcrumbs shortcode in all versions up to, and including, 4.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 4.5.4.
Status
vulnerable
Jun 15, 2026

Slim SEO – Fast & Automated WordPress SEO Plugin # CVE-2025-49854

CVE, Research URL

CVE-2025-49854

Date
Jun 17, 2025
Research Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Anh Tran Slim SEO slim-seo allows SQL Injection. This issue affects Slim SEO: from n/a through <= 4.5.4.
Affected versions
max 4.5.5.
Status
vulnerable
Jun 30, 2026

Slim SEO – Fast & Automated WordPress SEO Plugin # CVE-2026-57429

CVE, Research URL

CVE-2026-57429

Date
Jun 25, 2026
Research Description
Contributor Broken Access Control in Slim SEO <= 4.6.2 versions.
Affected versions
max 4.7.0.
Status
vulnerable
Jul 02, 2026

Slim SEO – Fast & Automated WordPress SEO Plugin # CVE-2026-12408

CVE, Research URL

CVE-2026-12408

Date
Jul 01, 2026
Research Description
The Slim SEO – A Fast & Automated SEO Plugin For WordPress plugin for WordPress is vulnerable to Unauthorized Private Content Disclosure in all versions up to, and including, 4.9.8 via the `/wp-json/slim-seo/meta-tags/ai` REST API endpoint. This is due to the endpoint's `permission_callback` performing only a top-level `edit_posts` capability check without verifying that the requesting user has read access to the specific post supplied via the `object.ID` parameter, allowing the `generate` function to pass the attacker-controlled post ID to `Data::get_post_content()`, which calls `get_post()` regardless of post status or ownership. This makes it possible for authenticated attackers with Contributor-level access and above to retrieve AI-generated summaries of the raw `post_content` of arbitrary posts they are not authorized to view — including private posts, drafts, pending, future, and password-protected content authored by other users — with the substance of the protected content disclosed via the HTTP response.
Affected versions
max 4.9.9.
Status
vulnerable