CVE-2026-7624
Deferred - Pending Action
Authorization Bypass in Squirrly SEO WordPress Plugin

Publication date: 2026-06-06

Last updated on: 2026-06-08

Assigner: Wordfence

Description
The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 12.4.16. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with contributor-level access and above, to invoke privileged state-changing Squirrly cloud API operations, such as revoking the site's Google Search Console and Google Analytics integrations via `api/gsc/revoke` and `api/ga/revoke`, that are otherwise restricted to administrator-level users holding the `sq_manage_settings` capability.
Meta Information
Published: 2026-06-06
Last Modified: 2026-06-08
Generated: 2026-06-27
AI Q&A: 2026-06-06
EPSS Evaluated: 2026-06-25
Affected Vendors & Products (1 associated CPE)
Vendor    Product     Version / Range
squirrly  seo_plugin  up to 12.4.16 (inclusive)
CWE
CWE ID   Description
CWE-862  The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Executive Summary

The SEO Plugin by Squirrly SEO for WordPress has an authorization bypass vulnerability in all versions up to and including 12.4.16. This occurs because the plugin does not properly verify whether a user is authorized to perform certain actions.

As a result, authenticated users with contributor-level access or higher can perform privileged operations that should be restricted to administrators. For example, they can revoke the site's Google Search Console and Google Analytics integrations via specific API endpoints.

Impact Analysis

This vulnerability allows users with lower-level access (contributors and above) to perform administrative actions without proper authorization.

  • Unauthorized revocation of Google Search Console integration.
  • Unauthorized revocation of Google Analytics integration.

Such actions could disrupt website analytics and search engine monitoring, potentially impacting site management and performance tracking.

Detection Guidance

This vulnerability involves an authorization bypass in the Squirrly SEO plugin for WordPress, allowing contributor-level users to perform privileged actions normally restricted to administrators.

Detection on your system would involve monitoring for unusual API calls to endpoints such as `api/gsc/revoke` and `api/ga/revoke` that revoke Google Search Console and Google Analytics integrations.

You can check your web server logs or WordPress access logs for requests to these API endpoints made by users with contributor-level privileges.

Suggested commands include using grep or similar tools to search logs for these API calls, for example:

  • grep 'api/gsc/revoke' /path/to/access.log
  • grep 'api/ga/revoke' /path/to/access.log

Additionally, auditing WordPress user roles and recent changes to plugin settings may help identify unauthorized actions.
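As an added example (not part of this advisory or of the plugin), the following Python scans web-server access logs in the Apache/nginx combined format for the two revoke routes named above and tallies successful hits per client. The log lines and the admin-ajax URL layout are constructed for illustration, since the advisory names only the route suffixes.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Route suffixes named in the advisory, matched as substrings of the full
# request target (path plus query string), just as the grep above does.
REVOKE_ROUTES = ("api/gsc/revoke", "api/ga/revoke")

# Apache/nginx "combined" access-log format: client, identity, user, [time],
# "METHOD target PROTOCOL", status, size; anything after that is ignored.
_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

@dataclass
class RevokeHit:
    ip: str
    time: str
    method: str
    target: str
    status: int

def find_revoke_requests(lines):
    """Every parseable request whose target contains a revoke route.
    Non-2xx hits are kept too: a rejected attempt is still worth a look."""
    hits = []
    for line in lines:
        m = _LINE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        target = m.group("target")
        if any(route in target for route in REVOKE_ROUTES):
            hits.append(RevokeHit(m.group("ip"), m.group("time"),
                                  m.group("method"), target, int(m.group("status"))))
    return hits

def count_successful_by_client(hits):
    """Successful (2xx) revoke requests per client address, for triage."""
    return dict(Counter(h.ip for h in hits if 200 <= h.status < 300))

# Constructed sample lines; the admin-ajax URL layout is invented for illustration.
SAMPLE_LOG = """\
203.0.113.7 - - [06/Jun/2026:10:01:02 +0000] "GET /wp-admin/admin.php?page=sq_dashboard HTTP/1.1" 200 5120
203.0.113.7 - - [06/Jun/2026:10:01:09 +0000] "POST /wp-admin/admin-ajax.php?action=sq_ajax&route=api/gsc/revoke HTTP/1.1" 200 47
198.51.100.4 - - [06/Jun/2026:10:02:30 +0000] "POST /wp-admin/admin-ajax.php?action=sq_ajax&route=api/ga/revoke HTTP/1.1" 403 31
203.0.113.9 - - [06/Jun/2026:10:03:00 +0000] "GET /index.php HTTP/1.1" 200 1024
""".splitlines()
```

Access logs record the client address but not the WordPress account or role, so each hit still has to be matched against the WordPress session active at that time before it can be attributed to a contributor-level user.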

Mitigation Strategies

Immediate mitigation steps include updating the Squirrly SEO plugin to a version later than 12.4.16 where the authorization bypass is fixed.

If an update is not immediately available, restrict contributor-level users from accessing the plugin or disable the plugin temporarily to prevent exploitation.

Review and limit user roles and capabilities to ensure only trusted users have contributor-level access or higher.

Monitor your site for any unauthorized changes to Google Search Console and Google Analytics integrations.
