CVE-2025-68019
BaseFortify
Publication date: 2026-01-22
Last updated on: 2026-01-29
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cleverplugins | seo_booster | From 6.1.0 (inc) to 6.1.8 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-68019 is a Broken Access Control vulnerability in the WordPress SEO Booster Plugin (versions up to 6.1.8). It occurs due to missing authorization, authentication, or nonce token checks in certain plugin functions, allowing unauthenticated users to perform actions that should require higher privileges. This means attackers can exploit incorrectly configured access control to execute unauthorized actions. [1]
How can this vulnerability impact me? :
This vulnerability can allow unauthenticated attackers to perform privileged actions within the SEO Booster plugin, potentially compromising the security and integrity of your WordPress site. Since no authentication is required, attackers could exploit this flaw to manipulate plugin functions, which may lead to unauthorized changes, data exposure, or other security issues. The vulnerability has a moderate risk level with a CVSS score of 6.5. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying the mitigation rule developed and issued by Patchstack to block attacks targeting this vulnerability until an official patch is released. This mitigation can be safely tested and deployed to protect affected websites. Additionally, using Patchstack's automated vulnerability mitigation services is recommended to maintain website security. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The vulnerability can be detected by monitoring for attempts to exploit missing authorization or broken access control in the SEO Booster plugin (versions up to 6.1.8). Since the issue allows unauthenticated users to perform privileged actions, detection involves looking for unauthorized access attempts to plugin functions. Patchstack provides a mitigation rule that can be deployed to block attacks targeting this flaw, which can also be used to detect exploitation attempts. Specific commands are not provided in the resources, but deploying the Patchstack mitigation rule is recommended to detect and prevent exploitation. [1]