CVE-2025-14386
Authentication Bypass in Search Atlas SEO Plugin Allows Admin Takeover
Publication date: 2026-01-28
Last updated on: 2026-01-28
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| search_atlas | seo_plugin | From 2.4.4 (inc) to 2.5.12 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Search Atlas SEO plugin for WordPress, specifically in versions 2.4.4 to 2.5.12. It is caused by a missing capability check on the 'generate_sso_url' and 'validate_sso_token' functions. This flaw allows authenticated users with Subscriber-level access or higher to bypass authentication by extracting the 'nonce_token' authentication value, enabling them to log in as the first Administrator account.
How can this vulnerability impact me? :
An attacker with at least Subscriber-level access can exploit this vulnerability to gain Administrator-level access to the WordPress site. This can lead to full control over the site, including the ability to modify content, change settings, install malicious code, or compromise user data, resulting in a high impact on confidentiality, integrity, and availability.