The plugin (from versions 16.7 until 17.2) discloses the full internal path of featured images in posts via the wp/v2/posts REST endpoints, which could help an attacker identify other vulnerabilities or help during the exploitation of other identified vulnerabilities.
Put a featured image in a post, then execute:
curl -s 'https://example.com/wp-json/wp/v2/posts?per_page=1' | jq '.[0].yoast_head_json.og_image[0].path'
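A defender-side check for the same field, as an added example that is not part of the original advisory: it scans a saved wp/v2/posts response from your own site for og_image entries whose path is an absolute filesystem path. The function name, the path regex and the sample response are constructed for illustration.

```python
import json
import re
import sys

# Absolute filesystem paths: POSIX (/var/www/...) or Windows (C:\... or C:/...).
ABS_PATH = re.compile(r"^(?:/|[A-Za-z]:[\\/])")


def find_disclosed_paths(posts):
    """Return (post_id, path) for each og_image entry exposing a server path."""
    findings = []
    for post in posts:
        if not isinstance(post, dict):
            continue  # e.g. an error object instead of a list of posts
        head = post.get("yoast_head_json") or {}
        for image in head.get("og_image") or []:
            path = image.get("path") if isinstance(image, dict) else None
            if isinstance(path, str) and ABS_PATH.match(path):
                findings.append((post.get("id"), path))
    return findings


# Constructed sample of a wp/v2/posts response (not captured from a real site).
SAMPLE = json.loads(r"""
[
  {"id": 101, "yoast_head_json": {"og_image": [
    {"url": "https://example.com/wp-content/uploads/2021/10/cover.jpg",
     "path": "/var/www/html/wp-content/uploads/2021/10/cover.jpg",
     "width": 1200, "height": 630}]}},
  {"id": 102, "yoast_head_json": {"og_image": [
    {"url": "https://example.com/wp-content/uploads/2021/10/other.jpg",
     "width": 800, "height": 600}]}},
  {"id": 103, "title": {"rendered": "No SEO metadata"}}
]
""")

if __name__ == "__main__":
    # Usage: python check_paths.py posts.json  (falls back to the sample)
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            posts = json.load(fh)
    else:
        posts = SAMPLE
    for post_id, path in find_disclosed_paths(posts):
        print(f"post {post_id}: exposes server path {path}")
```

An empty result on a post that has a featured image means the response no longer carries the path field.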
Fariq Fadillah Gusti Insani
Fariq Fadillah Gusti Insani
Yes
2021-10-05 (about 1 years ago)
2022-02-23 (about 1 years ago)
2022-09-08 (about 1 years ago)