CVE-2025-13085

The SiteSEO – SEO Simplified plugin for WordPress is vulnerable to Improper Authorization leading to Sensitive Post Meta Disclosure in versions up to and including 1.3.2. This is due to missing object-level authorization checks in the resolvevariables AJAX handler. This makes it possible for...

EUVD-2025-198140

The SiteSEO – SEO Simplified plugin for WordPress is vulnerable to Improper Authorization leading to Sensitive Post Meta Disclosure in versions up to and including 1.3.2. This is due to missing object-level authorization checks in the resolvevariables AJAX handler. This makes it possible for...

CVE-2025-13085 SiteSEO – SEO Simplified <= 1.3.2 - Insecure Direct Object Reference to Sensitive Post Meta Disclosure

The SiteSEO – SEO Simplified plugin for WordPress is vulnerable to Improper Authorization leading to Sensitive Post Meta Disclosure in versions up to and including 1.3.2. This is due to missing object-level authorization checks in the resolvevariables AJAX handler. This makes it possible for...

EUVD-2025-198108

The SiteSEO – SEO Simplified plugin for WordPress is vulnerable to unauthorized modification of data due to n incorrect capability check on the siteseoresetsettings function in all versions up to, and including, 1.3.2. This makes it possible for authenticated attackers, who have been granted acce...

CVE-2025-12814

The SiteSEO – SEO Simplified plugin for WordPress is vulnerable to unauthorized modification of data due to n incorrect capability check on the siteseoresetsettings function in all versions up to, and including, 1.3.2. This makes it possible for authenticated attackers, who have been granted acce...

CVE-2025-12814

CVE-2025-12814 concerns the WordPress plugin SiteSEO – SEO Simplified (versions ≤ 1.3.2). The issue is an improper authorization check in siteseo_reset_settings, allowing an authenticated attacker who has at least one SiteSEO setting capability to modify data by reseting the plugin’s settings. Th...

WordPress plugin SiteSEO 授权问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. An authorizati...

EUVD-2025-37412

The SiteSEO – SEO Simplified plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.3.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with Author-level...

CVE-2025-12367 SiteSEO – SEO Simplified <= 1.3.1 - Missing Authorization to Authenticated (Author+) Plugin Settings Update

The SiteSEO – SEO Simplified plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.3.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with Author-level...

CVE-2025-9277

CVE-2025-9277 concerns the WordPress plugin SiteSEO – SEO Simplified (versions up to and including 1.2.7). The vulnerability is a Stored Cross-Site Scripting due to a broken preg_replace expression and inadequate input sanitization/output escaping. Exploitation requires authentication at Contribu...