Primary

Context

Search Atlas SEO Plugin Authentication Bypass Vulnerability Allowing Account Takeover

Vulnerability

An authentication bypass vulnerability has been identified in the Search Atlas SEO plugin for WordPress, specifically in versions 2.4.4 to 2.5.12. The issue arises from a missing capability check in the 'generate_sso_url' and 'validate_sso_token' functions. This vulnerability allows authenticated attackers with Subscriber-level access and above to extract the 'nonce_token' authentication value, enabling them to log in to the first Administrator's account.

Impact

Exploitation of this vulnerability allows for authentication bypass, enabling an attacker to gain unauthorized access to an Administrator's account.

Remediation

No known patch is available. It is recommended to review the vulnerability details and consider uninstalling the affected plugin.

Added: Jan 28, 2026, 12:37 PM

Updated: Jan 28, 2026, 12:37 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

5.9

remediation

0.0

relevance

2.3

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

5.9

remediation

0.0

relevance

2.3

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Search Atlas SEO Plugin Authentication Bypass Vulnerability Allowing Account Takeover

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating