What the vulnerability does
01Description
Incorrect Privilege Assignment vulnerability in axiomthemes smart SEO smartSEO allows Privilege Escalation.This issue affects smart SEO: from n/a through <= 4.0.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
What the vulnerability does
Incorrect Privilege Assignment vulnerability in axiomthemes smart SEO smartSEO allows Privilege Escalation.This issue affects smart SEO: from n/a through <= 4.0.
Explanation of Vulnerability in Simple Terms
Smart SEO versions 4.0 and earlier contain a critical vulnerability that allows unauthenticated attackers to read sensitive data, modify site content, or disrupt service without any user interaction. The vulnerability stems from improper privilege controls (CWE-266) and affects all versions from release. Site administrators should update immediately to a version newer than 4.0.
What an attacker can do
Read sensitive data, modify site content, or disable the site without authentication.
Potential impact on your site
Your site's data, content, and availability are at immediate risk from any internet user.
Conditions required to exploit
Network access only; no authentication or user interaction required.
Key dates
External resources
Related vulnerabilities