CVE-2025-14481

Name of the Vulnerable Software and Affected Versions Yoast SEO versions prior to 26.6

Description An Insecure Direct Object Reference issue exists due to insufficient authorization checks in the Meta Search REST API endpoint. This flaw fails to verify post ownership, allowing authenticated attackers with Contributor-level access or higher to read sensitive SEO metadata from any post on the site, including private posts, drafts, and posts owned by other users, by manipulating the post id parameter.

Recommendations Update to a version newer than 26.5. Restrict access to the Meta Search REST API endpoint to minimize the risk of unauthorized metadata access.