MEDIUM
yoast
CVE published 2026-05-27
CVE-2025-14481
CVE-2025-14481 is a medium-severity Insecure Direct Object Reference (IDOR) vulnerability in the Yoast SEO WordPress plugin affecting all versions up to and including 26.5. The vulnerability resides in the Meta Search REST API endpoint, which fails to properly validate post ownership before returning SEO metadata. Authenticated attackers with Contributor-level privileges or higher can exploit this flaw by [truncated]