The SiteSEO plugin for WordPress is vulnerable to unauthorized access to sensitive information in versions up to and including 1.3.2. The plugin lacks proper authorization checks on which post metadata can be read through its custom field variable feature. As a result, users with a certain level of access (such as Author-level users who have been given SiteSEO access by an administrator) can view private information from posts, pages, and orders, even if they are not able to edit them. In some cases, this exposes customers' personal information, such as names, email addresses, phone numbers, addresses, and payment methods.
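The missing control is an object-level check on the post whose metadata is being read. The sketch below is an added example, not SiteSEO's code or its patch: the function name `example_resolve_custom_field()` is hypothetical, and it assumes it is loaded inside WordPress, where the core functions it calls are available.

```php
<?php
/**
 * Added example (hypothetical helper, not part of SiteSEO).
 * Returns a post meta value for use in a custom field variable only when
 * the current user is allowed to edit the post that owns the value.
 */
function example_resolve_custom_field( $post_id, $meta_key ) {
    $post_id  = absint( $post_id );
    $meta_key = (string) $meta_key;

    if ( 0 === $post_id || '' === $meta_key || ! get_post( $post_id ) ) {
        return '';
    }

    // Object-level check: holding a plugin-wide permission is not enough.
    // The caller must be able to edit this specific post, page or order.
    if ( ! current_user_can( 'edit_post', $post_id ) ) {
        return '';
    }

    // Protected keys (underscore-prefixed by default) are denied unless the
    // per-key meta capability is granted for this user and this post.
    if ( is_protected_meta( $meta_key, 'post' )
        && ! current_user_can( 'edit_post_meta', $post_id, $meta_key ) ) {
        return '';
    }

    $value = get_post_meta( $post_id, $meta_key, true );

    // Only scalar values are substituted; arrays and objects are dropped.
    return is_scalar( $value ) ? (string) $value : '';
}
```

Returning an empty string on every denied path keeps the response identical whether the post does not exist, the key is protected, or the user lacks access to it.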