CVE-2025-14342
Unauthorized Data Modification in Squirrly SEO Plugin via Missing Capability Check
Publication date: 2026-02-19
Last updated on: 2026-02-19
Assigner: Wordfence
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| squirrly | squirrly_seo | up to and including 12.4.14 |
| squirrly | squirrly_seo | 12.4.15 |
| squirrly | seo_plugin | up to and including 12.4.14 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
Can you explain this vulnerability to me?
The SEO Plugin by Squirrly SEO for WordPress is missing a capability check on its sq_ajax_uninstall function in all versions up to and including 12.4.14.
WordPress fires its authenticated AJAX hooks (wp_ajax_{action}) for any logged-in user, so the handler is reachable by anyone with an account; because nothing in the function verifies what that user is allowed to do, an authenticated attacker with Subscriber-level access or higher can invoke it and perform an unauthorized modification, specifically disconnecting the site from Squirrly's cloud service.
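The pattern behind this class of flaw (CWE-862 in a WordPress AJAX handler), shown as an added illustrative example rather than the Squirrly plugin's own code: the vulnerable form beside the hardened form. The action name sq_ajax_uninstall, the option key and the nonce name are assumptions chosen for the illustration.

```php
<?php
// Added illustrative example of the bug class, not code from the Squirrly SEO
// plugin. The AJAX action name 'sq_ajax_uninstall', the option key and the
// nonce name are assumptions chosen for the illustration.

// VULNERABLE PATTERN (CWE-862). WordPress fires wp_ajax_{action} for any
// logged-in user, so authentication is implied but authorization is not:
// without a capability check a Subscriber can reach the state change.
function example_sq_ajax_uninstall_vulnerable() {
    delete_option('example_sq_cloud_token'); // drops the cloud connection
    wp_send_json_success(array('disconnected' => true));
}

// HARDENED PATTERN. Verify both that the request was intentionally made from
// the plugin's own UI (nonce, against CSRF) and that the user is allowed to
// perform the action (capability, against the missing-authorization flaw)
// before touching any state.
function example_sq_ajax_uninstall_hardened() {
    check_ajax_referer('example_sq_uninstall', 'nonce'); // wp_die()s on failure
    if (!current_user_can('manage_options')) {
        wp_send_json_error(array('message' => 'Insufficient permissions.'), 403);
    }
    delete_option('example_sq_cloud_token');
    wp_send_json_success(array('disconnected' => true));
}

// Only the hardened handler is registered; the vulnerable one is shown for
// contrast. The front-end request must send the value of
// wp_create_nonce('example_sq_uninstall') in its 'nonce' field.
add_action('wp_ajax_sq_ajax_uninstall', 'example_sq_ajax_uninstall_hardened');
```

The nonce alone would not have closed this hole: a Subscriber can obtain a valid nonce from any page that prints it, so the capability check is the control that actually enforces who may disconnect the site.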
How can this vulnerability impact me?
An attacker with at least Subscriber-level access can exploit this vulnerability to disconnect your WordPress site from the Squirrly cloud service.
This unauthorized disconnection could disrupt SEO-related functionalities that rely on the cloud service, potentially affecting SEO data synchronization and plugin features.
Since the vulnerability does not affect confidentiality or availability directly, the impact is limited to integrity, specifically unauthorized modification of plugin settings.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability is an unauthorized modification of data through the sq_ajax_uninstall function in the Squirrly SEO WordPress plugin: any authenticated user with Subscriber-level access or higher can disconnect the site from Squirrly's cloud service.
Detection therefore centres on the AJAX endpoint. Look for requests to wp-admin/admin-ajax.php that invoke this action, especially from accounts without administrative capabilities. Two caveats before relying on web server logs: the page names the handler function, so confirm the registered action name in the plugin source (search the plugin directory for its wp_ajax_ registrations); and WordPress AJAX calls normally send the action parameter in the POST body, which access logs do not record, so a log search only catches requests that pass it in the query string.
- Check web server access logs for requests carrying the action in the query string, for example on Apache or Nginx: grep 'action=sq_ajax_uninstall' /var/log/apache2/access.log (adjust the path for your server). No hits does not mean no attempts.
- For reliable coverage, log at the application layer: enable WP_DEBUG_LOG together with a small hook, or use a security plugin that records AJAX actions with the requesting user and role, and review entries for this action made by non-administrators.
- Treat an unexplained disconnection of the site from the Squirrly cloud service as an indicator: check which accounts were logged in around that time and whether any Subscriber-level account submitted the action.
What immediate steps should I take to mitigate this vulnerability?
The immediate fix is to update the Squirrly SEO plugin to version 12.4.15 or later, where this vulnerability has been addressed.
If updating immediately is not possible, keep Subscriber-level users away from the sq_ajax_uninstall function by enforcing your own capability check in front of it (for example from a must-use plugin) or by temporarily disabling the AJAX uninstall action.
Monitor and audit user activity around plugin uninstall or disconnect actions so that unauthorized attempts are detected and responded to.
- Update the plugin to version 12.4.15 or newer.
- Limit who can trigger the sensitive AJAX action: require an administrative capability such as manage_options rather than relying on the user merely being logged in.
- Log AJAX uninstall requests with the requesting user and role, and alert on attempts from non-administrators.
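One way to get both the interim capability check and the application-layer logging described above without modifying the plugin, as an added example that is not the Squirrly plugin's own code: a must-use plugin that intercepts the AJAX request before the plugin's handler runs. It assumes the AJAX action parameter is sq_ajax_uninstall (the page names the handler function, not the action; confirm it in the plugin source and adjust the gated list if it differs); the constant and function names are illustrative.

```php
<?php
/**
 * Plugin Name: Example shim: gate and log the Squirrly uninstall AJAX action
 *
 * Added example, not code from the Squirrly SEO plugin. Place this file in
 * wp-content/mu-plugins/ as a stop-gap until the plugin is updated to 12.4.15+.
 *
 * ASSUMPTION: the AJAX action parameter is 'sq_ajax_uninstall'. The page names
 * the handler function; confirm the registered action name with
 *   grep -rn "wp_ajax_" wp-content/plugins/squirrly-seo/ | grep -i uninstall
 * and adjust EXAMPLE_SQ_GATED_ACTIONS if it differs.
 */

define('EXAMPLE_SQ_GATED_ACTIONS', array('sq_ajax_uninstall'));
define('EXAMPLE_SQ_REQUIRED_CAP', 'manage_options');

/**
 * admin_init fires inside admin-ajax.php before the wp_ajax_{action} hook, so
 * this runs ahead of the plugin's own handler regardless of the priority the
 * plugin registered it with. admin-ajax.php reads the action from $_REQUEST,
 * so both query-string and POST-body submissions are covered.
 */
function example_sq_gate_uninstall_ajax() {
    if (!wp_doing_ajax() || empty($_REQUEST['action'])) {
        return;
    }
    $action = sanitize_key(wp_unslash($_REQUEST['action']));
    if (!in_array($action, EXAMPLE_SQ_GATED_ACTIONS, true)) {
        return;
    }

    $user    = wp_get_current_user();
    $allowed = current_user_can(EXAMPLE_SQ_REQUIRED_CAP);

    // Detection: record every attempt, allowed or not, with enough context to
    // reconstruct who did it. Goes to the PHP error log (or wp-content/debug.log
    // when WP_DEBUG_LOG is enabled), unlike the web server access log, which
    // never sees a POST body.
    error_log(sprintf(
        '[example-sq-gate] action=%s user_id=%d login=%s roles=%s ip=%s verdict=%s',
        $action,
        $user->ID,
        $user->user_login,
        implode(',', (array) $user->roles),
        isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '-',
        $allowed ? 'allowed' : 'blocked'
    ));

    if (!$allowed) {
        // Mitigation: end the request here so the plugin's handler never runs.
        wp_send_json_error(array('message' => 'Insufficient permissions.'), 403);
    }
}
add_action('admin_init', 'example_sq_gate_uninstall_ajax', 0);
```

Because this hooks admin_init rather than the plugin's own wp_ajax_ hook, it does not depend on knowing the priority the plugin used, and it keeps working after the update (a harmless duplicate check) if you forget to remove it. Feed the resulting log lines into whatever alerting you already have, keyed on verdict=blocked or on roles that do not include administrator.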