What the vulnerability does
01Description
Unauthenticated Broken Access Control in SEO Plugin by Squirrly SEO <= 12.4.16 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
What the vulnerability does
Unauthenticated Broken Access Control in SEO Plugin by Squirrly SEO <= 12.4.16 versions.
Explanation of Vulnerability in Simple Terms
The SEO Plugin by Squirrly SEO through version 12.4.16 fails to properly check user permissions before allowing certain actions. An attacker without authentication can modify site content or settings by sending crafted requests over the network. The vulnerability requires specific conditions to exploit but can result in unauthorized changes to the site.
What an attacker can do
Modify site content or settings without logging in.
Potential impact on your site
Unauthorized changes to site content, SEO settings, or configuration without your knowledge or consent.
Conditions required to exploit
Network access; attacker must send specially crafted requests (no user interaction needed).
Key dates
External resources
Related vulnerabilities