CVE-2024-3287 MEDIUM

CVE-2024-3287: SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer <= 3.10.2 - Missing Authorization

Vendor Wpmudev

Product SmartCrawl SEO checker, analyzer & optimizer

Weakness CWE-862 · Missing authorization

Published May 2, 2024

Last update April 8, 2026

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

The SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer plugin for WordPress is vulnerable to unauthorized ld+json description injection due to a missing capability check on the save_settings function in all versions up to, and including, 3.10.2. This makes it possible for unauthenticated attackers to save schema types.

Key dates

02Disclosure timeline

May 2, 2024 CVE published

April 8, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-3287 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/862.html

Related vulnerabilities

04Related CVE

CVE-2024-30487 WordPress MP3 Audio Player for Music, Radio & Podcast by Sonaar plugin <= 5.1 - Broken Access Control vulnerability CVE-2025-12081 ACF Photo Gallery Field <= 3.0 - Missing Authorization to Authenticated (Subscriber+) Attachment Metadata Modification CVE-2026-32312 GLPI: Unauthorized export of form structure CVE-2024-7856 MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar <= 5.7.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Deletion CVE-2025-68085 WordPress Buttoner for Elementor plugin <= 1.0.6 - Settings Change vulnerability

Identifiers

CVE CVE-2024-3287

CWE CWE-862

CVSS 5.3 / MEDIUM

Affected versions

Vendor Wpmudev

Product SmartCrawl SEO checker, analyzer & optimizer

Affected ≤ 3.10.2