SEO LAT Auto Post WordPress Plugin File Overwrite Vulnerability Allowing Remote Code Execution

Vulnerability

A vulnerability exists in the SEO LAT Auto Post plugin for WordPress, in all versions up to and including 2.2.1. The remote_update AJAX action lacks a proper capability check, which allows unauthenticated attackers to overwrite the seo-beginner-auto-post.php file, potentially leading to remote code execution.

Impact

Exploitation of this vulnerability allows for unauthorized file overwriting, which can be used to execute arbitrary code on the server.

Remediation

No known patch is available. It is recommended to uninstall the affected plugin and find a replacement.
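
To locate installations that need to be removed, the following added example (not part of the original advisory or the plugin's code) walks a directory tree for seo-beginner-auto-post.php and reads its WordPress header version. The function names, the status labels and the scan root are assumptions made for illustration; treating a missing header as a sign the file may already have been replaced is a heuristic.

```python
import os
import re
import sys

TARGET_FILE = "seo-beginner-auto-post.php"  # file the advisory says can be overwritten
LAST_AFFECTED = (2, 2, 1)                   # advisory: all versions through 2.2.1
# Same shape as a WordPress plugin header line, e.g. " * Version: 2.2.1"
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:[ \t]*(\d[\w.\-]*)", re.I | re.M)


def parse_version(header_text):
    """Return the header version as a tuple of ints, or None if absent."""
    match = VERSION_RE.search(header_text)
    if not match:
        return None
    return tuple(int(n) for n in re.findall(r"\d+", match.group(1)))


def classify(version):
    """Map a parsed version onto a triage status (labels are hypothetical)."""
    if version is None:
        return "no-header"   # header gone: file may already have been replaced
    if version <= LAST_AFFECTED:
        return "affected"
    return "newer"           # advisory lists no fixed release, so still review


def find_installs(root):
    """Walk root and report every copy of the plugin's main file."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        if TARGET_FILE not in files:
            continue
        path = os.path.join(dirpath, TARGET_FILE)
        with open(path, "r", encoding="utf-8", errors="replace") as fh:
            # WordPress reads plugin headers from the first 8 KB of the file
            version = parse_version(fh.read(8192))
        findings.append((path, version, classify(version)))
    return sorted(findings)


if __name__ == "__main__":
    # Assumption: the argument is a web root or hosting directory to scan.
    for path, version, status in find_installs(sys.argv[1] if len(sys.argv) > 1 else "."):
        shown = ".".join(map(str, version)) if version else "?"
        print(f"{status:10} {shown:8} {path}")
```

Every path reported should be reviewed, including those marked "newer", since the advisory lists no fixed release.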

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 7.4
remediation: 0.0
relevance: 0.0
threat: 1.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.