CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
What the vulnerability does
The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sq_ajax_uninstall function in all versions up to, and including, 12.4.14. This makes it possible for authenticated attackers, with Subscriber-level access and above, to disconnect the site from Squirrly's cloud service.
Explanation of Vulnerability in Simple Terms
The SEO Plugin by Squirrly SEO versions 12.4.14 and earlier lack proper authorization checks, allowing authenticated users with low privileges to modify site data they should not have access to. An attacker with a basic user account can alter content or settings without the necessary permissions. Update to a version newer than 12.4.14 to resolve this issue.
What an attacker can do
Modify site data or settings without proper authorization.
Potential impact on your site
Unauthorized users can alter plugin settings or content, potentially damaging site integrity.
Conditions required to exploit
Attacker must have a low-privilege user account on the site.
Key dates
External resources
Related vulnerabilities
