CVE-2025-62048 MEDIUM

CVE-2025-62048: WordPress SmartCrawl plugin <= 3.14.3 - Broken Access Control vulnerability

Vendor Wpmu Dev - Your All-In-One Wordpress Platform

Product SmartCrawl

Weakness CWE-862 · Missing authorization

Published October 22, 2025

Last update April 28, 2026

View on NVD All CVEs

CVSS base score

5.4/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

What the vulnerability does

01Description

Missing Authorization vulnerability in WPMU DEV - Your All-in-One WordPress Platform SmartCrawl smartcrawl-seo.This issue affects SmartCrawl: from n/a through <= 3.14.3.

Explanation of Vulnerability in Simple Terms

02Summary

SmartCrawl versions up to 3.14.3 lack proper authorization checks on certain administrative functions. A logged-in user with low privileges can modify site settings or data they should not have access to. The vulnerability requires a valid WordPress account but no special permissions. Update to a version newer than 3.14.3 to resolve this issue.

What an attacker can do

03Attacker Capabilities

Modify site settings or data without proper authorization as a low-privilege user.

Potential impact on your site

04Site Impact

Unauthorized users can alter SmartCrawl settings, potentially affecting SEO configuration or site functionality.

Conditions required to exploit

05Prerequisites

Attacker must have a valid WordPress user account with low privileges.

Key dates

06Disclosure timeline

October 22, 2025 CVE published

April 28, 2026 Record updated

External resources

07References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-62048 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/862.html

Related vulnerabilities

Identifiers

CVE CVE-2025-62048

CWE CWE-862

CVSS 5.4 / MEDIUM

Affected versions