CVE-2025-12367 MEDIUM

CVE-2025-12367: SiteSEO – SEO Simplified <= 1.3.1 - Missing Authorization to Authenticated (Author+) Plugin Settings Update

Vendor Softaculous

Product SiteSEO – SEO Simplified

Weakness CWE-285

Published November 1, 2025

Last update April 8, 2026

View on NVD All CVEs

CVSS base score

4.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

The SiteSEO – SEO Simplified plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.3.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with Author-level access and above, to enable or disable arbitrary SiteSEO features that they should not have access to.

Key dates

02Disclosure timeline

November 1, 2025 CVE published

April 8, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-12367

Related vulnerabilities

04Related CVE

CVE-2026-3762 SourceCodester Client Database Management System Endpoint superadmin_delete_manager.php improper authorization CVE-2025-7947 jshERP Account delete improper authorization CVE-2024-20381 Cisco Network Services Orchestrator Configuration Update Authorization Bypass Vulnerability CVE-2026-5412 Juju CloudSpec API could leak senstive information CVE-2025-10731 ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More <= 2.2.12 - Unauthenticated Sensitive Information Exposure to Data Export