Slim Seo
Monthly
Broken access control in the Slim SEO WordPress plugin through version 4.6.2 allows authenticated users holding the Contributor role to bypass authorization checks and access restricted data, yielding a high confidentiality impact per CVSS C:H. The flaw is rooted in CWE-862 (Missing Authorization), meaning the plugin fails to verify whether the requesting user holds sufficient privileges before executing certain privileged actions. No public exploit code and no CISA KEV listing exist at time of analysis; however, low attack complexity and no required user interaction make this straightforward to exploit by any valid contributor-level account holder.
Broken access control in the Slim SEO WordPress plugin through version 4.6.2 allows authenticated users holding the Contributor role to bypass authorization checks and access restricted data, yielding a high confidentiality impact per CVSS C:H. The flaw is rooted in CWE-862 (Missing Authorization), meaning the plugin fails to verify whether the requesting user holds sufficient privileges before executing certain privileged actions. No public exploit code and no CISA KEV listing exist at time of analysis; however, low attack complexity and no required user interaction make this straightforward to exploit by any valid contributor-level account holder.