Primary

Context

SiteSEO SEO Simplified Missing Authorization Vulnerability in WordPress Plugin

Vulnerability

A missing authorization vulnerability has been identified in the SiteSEO – SEO Simplified plugin for WordPress, affecting versions through 1.3.1. The vulnerability arises because the plugin fails to properly verify user authorization for certain actions. This flaw allows authenticated attackers with Author-level access or higher to enable or disable SiteSEO features that should be restricted.

Impact

Exploitation of this vulnerability could lead to unauthorized changes in SiteSEO plugin settings, allowing attackers to manipulate SEO features without proper authorization.

Remediation

Users are advised to update the SiteSEO – SEO Simplified plugin to version 1.3.2 or a newer patched version.

Added: Nov 1, 2025, 4:18 AM

Updated: Nov 1, 2025, 4:18 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

5.9

remediation

7.7

relevance

0.8

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

5.9

remediation

7.7

relevance

0.8

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

SiteSEO SEO Simplified Missing Authorization Vulnerability in WordPress Plugin

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating