{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-68019", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2025-12-15T10:00:59.032Z", "datePublished": "2026-01-22T16:52:04.172Z", "dateUpdated": "2026-04-28T19:55:11.961Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "seo-booster", "product": "SEO Booster", "vendor": "cleverplugins", "versions": [{"lessThanOrEqual": "6.1.8", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Legion Hunter | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-01T16:02:14.424Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authorization vulnerability in cleverplugins SEO Booster seo-booster allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects SEO Booster: from n/a through <= 6.1.8.</p>"}], "value": "Missing Authorization vulnerability in cleverplugins SEO Booster seo-booster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SEO Booster: from n/a through <= 6.1.8."}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:14:26.582Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/seo-booster/vulnerability/wordpress-seo-booster-plugin-6-1-8-broken-access-control-vulnerability?_s_id=cve"}], "title": "WordPress SEO Booster plugin <= 6.1.8 - Broken Access Control vulnerability"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-28T23:51:29.144021Z", "id": "CVE-2025-68019", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-28T19:55:11.961Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-68019", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-28T23:51:29.144021Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-28T23:51:22.651Z"}}], "cna": {"title": "WordPress SEO Booster plugin <= 6.1.8 - Broken Access Control vulnerability", "credits": [{"lang": "en", "type": "finder", "value": "Legion Hunter | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "affected": [{"vendor": "cleverplugins", "product": "SEO Booster", "versions": [{"status": "affected", "version": "n/a", "versionType": "custom", "lessThanOrEqual": "<= 6.1.8"}], "packageName": "seo-booster", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "datePublic": "2026-01-22T17:44:11.751Z", "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/seo-booster/vulnerability/wordpress-seo-booster-plugin-6-1-8-broken-access-control-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in cleverplugins SEO Booster seo-booster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SEO Booster: from n/a through <= 6.1.8.", "supportingMedia": [{"type": "text/html", "value": "Missing Authorization vulnerability in cleverplugins SEO Booster seo-booster allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects SEO Booster: from n/a through <= 6.1.8.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "Missing Authorization"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-01-22T16:52:04.172Z"}}}, "cveMetadata": {"cveId": "CVE-2025-68019", "state": "PUBLISHED", "dateUpdated": "2026-01-28T23:51:35.017Z", "dateReserved": "2025-12-15T10:00:59.032Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2026-01-22T16:52:04.172Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in cleverplugins SEO Booster seo-booster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SEO Booster: from n/a through <= 6.1.8."}, {"lang": "es", "value": "Vulnerabilidad de autorizaci\u00f3n faltante en cleverplugins SEO Booster seo-booster permite la explotaci\u00f3n de niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a SEO Booster: desde n/a hasta &lt;= 6.1.8."}], "id": "CVE-2025-68019", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-01-22T17:16:08.360", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/seo-booster/vulnerability/wordpress-seo-booster-plugin-6-1-8-broken-access-control-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-27T21:22:46.669849+00:00", "value": {"mitigation_remediation": ["Update the SEO Booster plugin to version 6.1.9 or later to remove the missing authorization checks", "If an immediate update is not possible, limit exposure by restricting access to the plugin\u2019s administrative pages to users with the highest privileges (e.g., only administrators) and apply role\u2011based access controls", "Perform an audit of all users with WordPress access privileges to ensure that only trusted accounts have sufficient rights to interact with SEO Booster"], "summary": {"action": "Patch Plugin", "impact": "Unauthorized access to SEO Booster configuration and data, enabling potential manipulation or information disclosure"}, "threat_synthesis": {"affected_systems": "The vulnerability is present in the cleverplugins SEO Booster plugin versions from the beginning of its releases up through 6.1.8. No further version information is listed, so any installation using 6.1.8 or earlier is affected.", "description_and_impact": "The flaw is a missing authorization check in the SEO Booster plugin for WordPress, classified as CWE-862. It permits users to access and potentially modify configuration settings or SEO data that they should not be able to reach, leading to undesired information disclosure or manipulation of the site\u2019s search engine optimization.", "risk_and_exploitability": "The CVSS score is 6.5, indicating a medium severity. The EPSS score is below 1%, suggesting a low current likelihood of exploitation, and the issue is not listed in the CISA KEV catalog. An attacker who can submit requests to the plugin\u2019s endpoints\u2014potentially via an authenticated WordPress session\u2014can bypass authorization checks, making the attack vector likely to involve web request manipulation or administrative access credential theft."}}}}, "created": "2026-01-23T16:30:53.807945+00:00", "updated": "2026-04-27T21:30:13.885428+00:00", "vendors": ["cleverplugins", "cleverplugins$PRODUCT$seo_booster", "wordpress", "wordpress$PRODUCT$wordpress"]}