Impact
The vulnerability is a Cross-Site Request Forgery (CWE-352) flaw in the Google SEO Pressor Snippet WordPress plugin, version 2.0 and earlier. An attacker can craft a malicious request that, when sent from a logged-in user's browser, causes the plugin to execute actions without the user's explicit consent. The affected operations can modify the plugin's configuration or data, potentially leading to integrity violations and unauthorized content changes. The flaw does not directly breach confidentiality, but it can degrade the integrity of website data and the user experience.
Affected Systems
The issue affects WordPress installations that have the Smackcoders Inc. Google SEO Pressor Snippet plugin installed, in any version from the first release up to and including 2.0.
Risk and Exploitability
The CVSS score of 4.3 places the flaw in the moderate risk range, while the EPSS score of less than 1% indicates a very low but non‑zero probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. The inferred attack vector is network‑based, relying on a victim’s authenticated session; an attacker would need a user to visit a specially crafted URL or be able to inject requests through a compromised site or script. Given the low exploitation probability and moderate impact, immediate patching is recommended, but organizations may also monitor and control malicious request patterns if an upgrade is not yet possible.
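The request-pattern monitoring mentioned above can be done from the web server access log. The following is an added example, not code from the advisory or the plugin vendor. It assumes Combined Log Format; the advisory does not name the affected endpoint, so the check covers all of /wp-admin/, and blog.example, other.example and PLUGIN_PAGE are placeholders.

```python
import re
from urllib.parse import urlsplit

# Combined Log Format: ip - user [time] "METHOD path proto" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"$'
)

def is_state_changing(method, path):
    """POSTs to wp-admin, or GETs carrying an action parameter (crafted-URL case)."""
    parts = urlsplit(path)
    if not parts.path.startswith("/wp-admin/"):
        return False
    return method == "POST" or (method == "GET" and "action=" in parts.query)

def find_cross_origin_admin_requests(lines, site_host):
    """Return (line_no, referer_host, request) for admin requests whose Referer
    is not the site itself. A missing Referer is reported with referer_host None,
    since a forged request may arrive with the header suppressed."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line.strip())
        if not m or not is_state_changing(m["method"], m["path"]):
            continue
        ref = m["referer"]
        ref_host = urlsplit(ref).hostname if ref not in ("", "-") else None
        if ref_host != site_host.lower():
            hits.append((n, ref_host, f'{m["method"]} {m["path"]}'))
    return hits

# Constructed sample log lines (not real traffic).
SAMPLE = [
    '203.0.113.5 - - [10/Mar/2025:10:00:01 +0000] "POST /wp-admin/options.php HTTP/1.1" 302 0 '
    '"https://blog.example/wp-admin/options-general.php?page=PLUGIN_PAGE" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Mar/2025:10:04:17 +0000] "POST /wp-admin/admin.php?page=PLUGIN_PAGE HTTP/1.1" 200 512 '
    '"https://other.example/promo.html" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Mar/2025:10:05:02 +0000] "GET /2025/03/post/ HTTP/1.1" 200 9001 '
    '"https://search.example/" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Mar/2025:10:06:40 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 17 '
    '"-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in find_cross_origin_admin_requests(SAMPLE, "blog.example"):
        print(hit)
```

Hits with a missing Referer are lower confidence than hits naming another origin, because some browsers and privacy tools strip the header on legitimate requests.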