{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-12367", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-10-27T19:24:21.361Z", "datePublished": "2025-11-01T03:34:36.429Z", "dateUpdated": "2026-04-08T16:53:19.148Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:53:19.148Z"}, "affected": [{"vendor": "softaculous", "product": "SiteSEO \u2013 SEO Simplified", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.3.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The SiteSEO \u2013 SEO Simplified plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.3.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with Author-level access and above, to enable or disable arbitrary SiteSEO features that they should not have access to."}], "title": "SiteSEO \u2013 SEO Simplified <= 1.3.1 - Missing Authorization to Authenticated (Author+) Plugin Settings Update", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/54535bef-23c3-4045-bb37-ba28ae5461b1?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/siteseo/tags/1.3.1/main/ajax.php#L340"}, {"url": "https://plugins.trac.wordpress.org/changeset/3387094/siteseo/trunk/main/ajax.php?contextall=1"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-285 Improper Authorization", "cweId": "CWE-285", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Athiwat Tiprasaharn"}], "timeline": [{"time": "2025-10-31T15:02:30.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-11-03T15:44:56.122085Z", "id": "CVE-2025-12367", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-03T15:46:46.785Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-12367", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-11-03T15:44:56.122085Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-03T15:45:00.465Z"}}], "cna": {"title": "SiteSEO \u2013 SEO Simplified <= 1.3.1 - Missing Authorization to Authenticated (Author+) Plugin Settings Update", "credits": [{"lang": "en", "type": "finder", "value": "Athiwat Tiprasaharn"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "softaculous", "product": "SiteSEO \u2013 SEO Simplified", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.3.1"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-10-31T15:02:30.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/54535bef-23c3-4045-bb37-ba28ae5461b1?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/siteseo/tags/1.3.1/main/ajax.php#L340"}, {"url": "https://plugins.trac.wordpress.org/changeset/3387094/siteseo/trunk/main/ajax.php?contextall=1"}], "descriptions": [{"lang": "en", "value": "The SiteSEO \u2013 SEO Simplified plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.3.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with Author-level access and above, to enable or disable arbitrary SiteSEO features that they should not have access to."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-285", "description": "CWE-285 Improper Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:53:19.148Z"}}}, "cveMetadata": {"cveId": "CVE-2025-12367", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:53:19.148Z", "dateReserved": "2025-10-27T19:24:21.361Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-11-01T03:34:36.429Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The SiteSEO \u2013 SEO Simplified plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.3.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with Author-level access and above, to enable or disable arbitrary SiteSEO features that they should not have access to."}], "id": "CVE-2025-12367", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-11-01T04:16:04.093", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/siteseo/tags/1.3.1/main/ajax.php#L340"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3387094/siteseo/trunk/main/ajax.php?contextall=1"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/54535bef-23c3-4045-bb37-ba28ae5461b1?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-285"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T11:48:30.701124+00:00", "value": {"mitigation_remediation": ["Upgrade the SiteSEO plugin to a version newer than 1.3.1, which contains the authorization fix.", "Review user accounts and ensure only trusted users have Author or higher roles; consider reducing the number of Author accounts.", "Confirm that the plugin\u2019s settings pages are protected by the appropriate capability checks and that no residual code allows editing without permission."], "summary": {"action": "Update Plugin", "impact": "Unauthorized modification of SiteSEO plugin settings"}, "threat_synthesis": {"affected_systems": "Softaculous\u2019 SiteSEO \u2013 SEO Simplified plugin is affected, specifically all installed copies running version 1.3.1 or older. The vulnerability exists within the plugin\u2019s AJAX handling code on WordPress sites that have the plugin active. Users should verify the installed plugin version and plan an upgrade if the current version is 1.3.1 or earlier.", "description_and_impact": "The SiteSEO \u2013 SEO Simplified plugin for WordPress has a missing authorization flaw in versions up to 1.3.1. The flaw allows authenticated users with Author-level access or higher to enable or disable arbitrary SiteSEO features without proper permission checks. This results in unexpected changes to SEO configuration, which can affect site visibility, search rankings, and potentially expose sensitive content. The weakness corresponds to CWE-285, Unauthorized Access.", "risk_and_exploitability": "The vulnerability has a CVSS base score of 4.3, indicating moderate severity. Its EPSS score is below 1\u202f%, suggesting a low probability of exploitation in the wild. It is not listed in the CISA KEV catalog. Because the flaw requires authentication and an Author or higher role, an attacker must be already able to log into the WordPress installation. Once authenticated, the attacker can toggle any feature controlled by the plugin, but there is no path to arbitrary code execution or full system compromise. The risk is therefore localized to the SEO configuration of the affected site."}}}}, "created": "2025-11-03T10:43:43.942438+00:00", "updated": "2026-04-22T12:00:05.920941+00:00", "vendors": ["softaculous", "softaculous$PRODUCT$siteseo", "wordpress", "wordpress$PRODUCT$wordpress"]}