Primary

Context

WordLift SEO Plugin for WordPress Missing Capability Check Vulnerability

Vulnerability

A vulnerability exists in the WordLift SEO Schema plugin for WordPress, in all versions through 3.54.0. The issue arises from a lack of proper capability checks on the 'wl_config_plugin' AJAX action, allowing unauthorized access. This vulnerability enables unauthenticated attackers to modify the plugin's settings.

Impact

Exploitation of this vulnerability allows for unauthorized modification of the WordLift plugin's settings by unauthenticated users.

Remediation

Users can update to WordLift version 3.54.4, which addresses this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

0.6

exploitability

7.6

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

0.6

exploitability

7.6

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

WordLift SEO Plugin for WordPress Missing Capability Check Vulnerability

Vulnerability

Impact

Remediation

Affected Products

WordLift

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating