CVE-2026-12408 Overview
CVE-2026-12408 affects the Slim SEO – A Fast & Automated SEO Plugin for WordPress in all versions up to and including 4.9.8. The vulnerability exposes private, draft, pending, future, and password-protected posts through the /wp-json/slim-seo/meta-tags/ai REST API endpoint. Authenticated users with Contributor-level access or higher can retrieve AI-generated summaries of post_content for posts they do not own. The flaw is classified under [CWE-200] Information Exposure.
Critical Impact
Contributor-level attackers can extract substance from private, draft, and password-protected posts authored by other users through the plugin's AI meta-tag REST endpoint.
Affected Products
- Slim SEO – A Fast & Automated SEO Plugin For WordPress (versions ≤ 4.9.8)
- WordPress sites with the Slim SEO plugin installed and users at Contributor role or above
- Any WordPress installation exposing the /wp-json/slim-seo/meta-tags/ai REST route
Discovery Timeline
- 2026-07-01 - CVE-2026-12408 published to NVD
- 2026-07-01 - Last updated in NVD database
Technical Details for CVE-2026-12408
Vulnerability Analysis
The vulnerability resides in the AI.php component of the Slim SEO plugin. The REST endpoint /wp-json/slim-seo/meta-tags/ai registers a permission_callback that validates only the top-level edit_posts capability. It does not verify that the authenticated user has read access to the specific post identified by the object.ID parameter in the request body.
When a user calls the endpoint, the generate function forwards the attacker-controlled post ID to Data::get_post_content(). That helper calls the core get_post() function without checking post status, ownership, or password protection. The plugin then feeds the raw post_content into an AI summarization routine and returns the result in the HTTP response body.
This exposes the substance of posts that WordPress would normally restrict, including private posts, drafts, pending items, future-scheduled posts, and password-protected content authored by other users.
Root Cause
The root cause is a broken authorization check [CWE-200]. The permission_callback treats the edit_posts capability as sufficient authorization for any post ID supplied at request time. WordPress requires per-object capability checks such as read_post or edit_post against the specific post ID to enforce ownership and status restrictions. The plugin omits this check and passes the ID directly into content retrieval.
Attack Vector
An authenticated attacker with a Contributor account sends a POST request to /wp-json/slim-seo/meta-tags/ai with a JSON body containing an object.ID value referencing a post owned by another user. The endpoint validates only the coarse edit_posts capability, then invokes Data::get_post_content() for the supplied ID. The response returns an AI-generated summary that discloses the protected content. No user interaction from the victim is required.
Refer to the Wordfence Vulnerability Report and the Slim SEO AI.php source for the vulnerable code paths.
Detection Methods for CVE-2026-12408
Indicators of Compromise
- HTTP POST requests to /wp-json/slim-seo/meta-tags/ai originating from Contributor or Author accounts that do not own the referenced posts
- Request bodies containing object.ID values referencing posts with post_status of private, draft, pending, future, or password-protected posts
- Elevated volumes of REST API calls to the slim-seo/meta-tags/ai route from a single authenticated session
Detection Strategies
- Enable WordPress REST API request logging and alert on calls to /wp-json/slim-seo/meta-tags/ai where the requesting user is not the post author
- Correlate wp_users role data with post authorship in web access logs to identify cross-author enumeration patterns
- Monitor for sequential or scripted iteration through numeric object.ID values in POST bodies to the AI endpoint
Monitoring Recommendations
- Ingest WordPress access logs and application logs into a centralized logging platform for correlation across authentication and REST activity
- Baseline normal Contributor and Author API usage and alert on deviations targeting the Slim SEO AI route
- Track newly created Contributor accounts followed by requests to plugin REST endpoints within short time windows
How to Mitigate CVE-2026-12408
Immediate Actions Required
- Update the Slim SEO plugin to a version later than 4.9.8 once the vendor publishes a patched release
- Audit user accounts and remove or downgrade unnecessary Contributor-level and higher accounts
- Review WordPress access logs for prior requests to /wp-json/slim-seo/meta-tags/ai and identify potentially exposed posts
Patch Information
The vendor changeset is tracked at the Slim SEO plugin changeset 3576523. Administrators should upgrade to the fixed release referenced in the Wordfence Vulnerability Report and confirm the patched version is deployed across all WordPress instances.
Workarounds
- Restrict access to the /wp-json/slim-seo/meta-tags/ai REST route at the web application firewall (WAF) or reverse proxy layer until patching
- Temporarily deactivate the Slim SEO plugin on multi-author sites where Contributor accounts are untrusted
- Enforce least-privilege by limiting REST API access to Editor or Administrator roles through custom permission_callback filters
# Example: block the vulnerable REST route at nginx until patched
location ~ ^/wp-json/slim-seo/meta-tags/ai {
return 403;
}
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

