CVE-2025-12367
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-12367, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-11-01

Last updated on: 2025-11-04

Assigner: Wordfence

Description

The SiteSEO – SEO Simplified plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.3.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with Author-level access and above, to enable or disable arbitrary SiteSEO features that they should not have access to.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-11-01
Last Modified
2025-11-04
Generated
2026-07-06
AI Q&A
2025-11-01
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
wordpress site_seo_plugin 1.3.1

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-285 The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

The vulnerability in the SiteSEO – SEO Simplified WordPress plugin (up to version 1.3.1) is a Missing Authorization issue. It occurs because the plugin does not properly verify whether a user is authorized to perform certain actions. As a result, authenticated users with Author-level access or higher can enable or disable arbitrary SiteSEO features that they should not have permission to control.

Impact Analysis

This vulnerability allows authenticated users with Author-level access or above to change SiteSEO plugin settings without proper authorization. This could lead to unauthorized enabling or disabling of SEO features, potentially disrupting SEO configurations, affecting website search engine indexing, and possibly degrading site performance or visibility.

Detection Guidance

This vulnerability involves unauthorized changes to SiteSEO plugin settings by authenticated users with Author-level access or higher. Detection can focus on monitoring changes to SiteSEO plugin settings or AJAX actions related to toggling features, importing/exporting/resetting settings, and instant indexing submissions. Since these actions are performed via AJAX calls to ajax.php, you can monitor HTTP POST requests to the ajax.php endpoint of the SiteSEO plugin, especially those that include actions like save_toggle_state, import_settings, reset_settings, and instant_indexing. Commands to detect suspicious activity could include inspecting web server logs for POST requests to ajax.php with these actions, for example using grep: 1. To find AJAX POST requests to ajax.php: `grep 'POST .*ajax.php' /var/log/apache2/access.log` 2. To filter for specific actions in POST data (if logs include POST bodies): `grep -i 'action=save_toggle_state' /var/log/apache2/access.log` or use a web application firewall or intrusion detection system to alert on these actions from users with Author-level access. Additionally, monitoring WordPress user activity logs for unexpected changes to SiteSEO settings or toggles can help detect exploitation attempts. [1, 3]

Mitigation Strategies

Immediate mitigation steps include: 1. Update the SiteSEO plugin to version 1.3.2 or later, where security improvements and permission checks have been enhanced to prevent unauthorized actions. 2. Restrict user roles and capabilities to ensure only trusted users have Author-level or higher access, as the vulnerability requires at least Author-level access. 3. Monitor and audit SiteSEO plugin settings changes and AJAX requests to detect any unauthorized activity. 4. If updating immediately is not possible, consider temporarily disabling the SiteSEO plugin or restricting access to ajax.php endpoints via web server rules to prevent exploitation. 5. Apply WordPress security best practices such as enforcing strong passwords, limiting login attempts, and using security plugins to monitor suspicious behavior. These steps help prevent attackers from exploiting the missing authorization vulnerability to change SiteSEO plugin settings. [3]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-12367. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart