Impact
The Google SEO Pressor Snippet plugin for WordPress contains a missing authorization flaw (CWE-862), allowing users without sufficient privileges to access administrative functions that should be restricted. An attacker can exploit the incorrectly configured access‑control checks to view, modify, or delete plugin configuration, which can change SEO metadata and alter how the site appears to search engines. The impact is a loss of control over marketing content and a potential decline in search visibility, though it does not provide direct code execution or system compromise.
Affected Systems
Smackcoders Inc. Google SEO Pressor Snippet plugin, all releases up to and including version 2.0. This covers any installation that has not been updated beyond 2.0.
Risk and Exploitability
The CVSS score of 4.3 indicates moderate severity, and the EPSS score of <1% shows a very low current exploitation probability. The vulnerability is not listed in the CISA KEV catalog, so no confirmed exploitation is on record there. Attackers would most likely attempt to exploit this flaw via the WordPress web interface, targeting the plugin’s administrative endpoints that lack proper authorization checks. If an attacker succeeds, they could manipulate the site’s SEO data, degrade the site’s visibility in search results, or remove critical snippets altogether.