CVE-2025-14941
Authorization Bypass in GZSEO Plugin Enables Stored XSS
Publication date: 2026-01-24
Last updated on: 2026-04-08
Assigner: Wordfence
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gzseo | gzseo | up to and including 2.0.11 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in the GZSEO WordPress plugin up to version 2.0.11 is an authorization bypass that leads to Stored Cross-Site Scripting (XSS). This happens because the plugin lacks proper capability checks on multiple AJAX handlers and does not sufficiently sanitize or escape the 'embed_code' parameter. As a result, authenticated users with contributor-level access or higher can inject arbitrary content into any post. This injected content executes whenever a user views the affected post, potentially compromising site security.
How can this vulnerability impact me?
This vulnerability can allow authenticated attackers with contributor or higher access to inject malicious scripts into posts on the website. These scripts execute in the browsers of users who view the infected posts, potentially leading to theft of user credentials, session hijacking, defacement, or distribution of malware. It compromises the integrity and security of the website and its users.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately update the GZSEO WordPress plugin to a version later than 2.0.11 where the authorization bypass and stored XSS issues are fixed. Additionally, restrict contributor-level access if possible until the update is applied, and review any posts for suspicious embedded content that could exploit the vulnerability.
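The two answers above describe the root cause (AJAX handlers with no capability check and an unsanitized embed_code parameter) and the fix. The following is an added illustration, not code from the GZSEO plugin, which this page does not show: a handler written in the weak pattern beside a hardened WordPress handler. The action name `demo_update_video`, the nonce name, and the meta key `_demo_embed_code` are placeholders invented for the example.

```php
<?php
// Illustrative only: not the GZSEO plugin's code. The action name
// demo_update_video and meta key _demo_embed_code are placeholders.

// Weak pattern (not hooked, shown for contrast): every logged-in user can
// reach a wp_ajax_* handler, and nothing here verifies that the caller may
// edit the target post or cleans the submitted HTML before storing it.
function demo_update_video_weak() {
    $post_id    = (int) $_POST['post_id'];
    $embed_code = $_POST['embed_code'];            // raw, caller-controlled HTML
    update_post_meta( $post_id, '_demo_embed_code', $embed_code );
    wp_send_json_success();
}

// Hardened pattern: nonce (anti-CSRF), per-post capability check, and
// sanitization so only HTML allowed in post content is stored.
function demo_update_video_safe() {
    // Dies with a 403 if the nonce is missing or invalid.
    check_ajax_referer( 'demo_update_video', 'nonce' );

    $post_id = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : 0;
    // edit_post is object-aware: a contributor passes only for their own drafts.
    if ( ! $post_id || ! current_user_can( 'edit_post', $post_id ) ) {
        wp_send_json_error( 'insufficient permissions', 403 );
    }

    $raw = isset( $_POST['embed_code'] ) ? wp_unslash( $_POST['embed_code'] ) : '';
    // wp_kses_post() removes <script>, on* event handlers and javascript: URLs
    // (it also strips <iframe>, so video features usually store a URL and render
    // it with wp_oembed_get() instead of accepting raw embed markup).
    $clean = wp_kses_post( $raw );
    update_post_meta( $post_id, '_demo_embed_code', $clean );
    wp_send_json_success( array( 'stored' => $clean ) );
}
add_action( 'wp_ajax_demo_update_video', 'demo_update_video_safe' );

// Output side: filter again at render time so a value written to the meta
// key by some other path cannot reach the page unfiltered.
function demo_render_embed( $post_id ) {
    $stored = (string) get_post_meta( $post_id, '_demo_embed_code', true );
    return wp_kses_post( $stored );
}
```

Registering only the hardened callback with `add_action` is the point of the contrast: the weak function shows what an unauthenticated-to-the-post, unsanitized handler looks like, while the safe one makes both the capability check and the output filtering explicit.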
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for unauthorized or suspicious AJAX requests to the GZSEO plugin's video update handlers, especially those involving the embed_code parameter. Because the flaw combines missing capability checks on AJAX handlers with stored XSS via embed_code, monitoring POST requests to the plugin's AJAX endpoints (admin-ajax.php with video-update actions) for unusual or unauthorized input can reveal exploitation attempts. Possible approaches include network monitoring tools, command-line utilities such as curl to issue test AJAX requests and inspect the responses, or grep to search web server logs for suspicious embed_code parameters. For example, search the logs with `grep -i 'embed_code' /var/log/apache2/access.log`, or watch AJAX traffic live with `tail -f /var/log/apache2/access.log | grep admin-ajax.php`. However, no explicit detection commands are provided in the resources. [2]