WordPress SEOPress plugin <= 8.1.1 - Broken Access Control vulnerability
CVE-2024-50455
8.8 HIGH
Summary
A missing authorization vulnerability exists in the SEOPress plugin developed by The SEO Guys, allowing unauthorized users to exploit incorrectly configured access control security levels. This weakness poses a significant risk to the integrity of user permissions in the affected SEOPress versions and enables unauthorized access and actions that could compromise sensitive data or administrative functions. Users should review their configurations and apply the necessary updates to guard against potential exploits.
Affected Version(s)
SEOPress <= 8.1.1
CVSS V3.1
Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Credit
Rafie Muhammad (Patchstack)