Description
Missing Authorization vulnerability in Space Codes AI for SEO ai-for-seo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI for SEO: from n/a through <= 1.2.9.
Published: 2025-01-07
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Missing authorization in the Space Codes AI for SEO plugin allows an attacker to bypass intended access controls and manipulate the plugin without proper authentication. This flaw can enable unauthorized modification of SEO settings, leading to potential data leakage or disruption of site optimization. The weakness is a classic authorization bypass, identified as CWE‑862.

Affected Systems

All WordPress sites running Space Codes AI for SEO plugin version 1.2.9 or earlier are affected. The vulnerability applies broadly from the earliest available release up to and including 1.2.9. Administrators should verify the plugin version and upgrade if possible.

Risk and Exploitability

The CVSS score of 4.3 indicates moderate severity, and the EPSS score of less than 1% implies a very low probability of real‑world exploitation at this time. The vulnerability is not listed in the CISA KEV catalog. Likely attack conditions involve a web request to the plugin’s administrative endpoints by a user with any role, possibly requiring authenticated access but with misconfigured permissions. Because the plugin is widely distributed, the risk is present for all installations that have not upgraded.

Generated by OpenCVE AI on May 1, 2026 at 22:30 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the AI for SEO plugin to a version newer than 1.2.9 as soon as a fix is available.
  • Restrict access to the plugin’s administrative pages by enforcing whitelisted IP addresses or role checks.
  • Verify and adjust WordPress user roles and capabilities to ensure only trusted administrators can manage SEO settings.
  • Remove the plugin if it is no longer required or if a patch is delayed.

Generated by OpenCVE AI on May 1, 2026 at 22:30 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-2699 Missing Authorization vulnerability in spacecodes AI for SEO allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI for SEO: from n/a through 1.2.9.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in spacecodes AI for SEO allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI for SEO: from n/a through 1.2.9. Missing Authorization vulnerability in Space Codes AI for SEO ai-for-seo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI for SEO: from n/a through <= 1.2.9.
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}

Tue, 07 Jan 2025 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 07 Jan 2025 11:00:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in spacecodes AI for SEO allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI for SEO: from n/a through 1.2.9.
Title WordPress AI for SEO plugin <= 1.2.9 - Broken Access Control vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}

Subscriptions

Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:10:58.859Z

Reserved: 2025-01-03T13:16:00.602Z

Link: CVE-2025-22299

cve-icon Vulnrichment

Updated: 2025-01-07T15:51:03.664Z

cve-icon NVD

Status : Deferred

Published: 2025-01-07T11:15:13.943

Modified: 2026-06-17T08:46:16.720

Link: CVE-2025-22299

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-01T22:30:16Z

Weaknesses