The plugin discloses the full internal path of featured images in posts via the wp/v2/posts REST endpoints, which could help an attacker identify other vulnerabilities or assist in the exploitation of other identified vulnerabilities.
Put a featured image in a post, then execute:

curl -s 'https://example.com/wp-json/wp/v2/posts?per_page=1' | jq '.[0].yoast_head_json.og_image[0].path'
Fariq Fadillah Gusti Insani
Fariq Fadillah Gusti Insani
Yes
2021-10-05 (about 9 months ago)
2022-02-23 (about 4 months ago)
2022-04-11 (about 2 months ago)