Description
Missing Authorization vulnerability in FolioVision FV Simpler SEO fv-all-in-one-seo-pack allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FV Simpler SEO: from n/a through <= 1.9.6.
Published: 2025-12-24
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a missing authorization flaw in the FolioVision FV Simpler SEO WordPress plugin, allowing attackers to bypass intended access restrictions. Exploiting the incorrectly configured security levels, an attacker could access or modify data and settings that should be protected, potentially leading to further compromise of the WordPress site or escalation to administrative privileges. This weakness is identified as CWE-862, which highlights the failure to verify an entity's authorization before granting access to resources.

Affected Systems

FolioVision FV Simpler SEO plugin versions up to and including 1.9.6 are affected. Users of this plugin on any WordPress website remain vulnerable until the plugin is updated to a later version.

Risk and Exploitability

The CVSS score of 5.3 indicates a medium severity risk. The EPSS score of less than 1% suggests a very low current probability of exploitation, and the vulnerability is not listed in CISA's KEV catalog, which lowers the perceived immediate threat. The most plausible attack vector is remote via the web, with an attacker sending crafted requests to plugin endpoints that lack proper authorization checks. Successful exploitation would require that the attacker can reach the WordPress administration area or the plugin’s exposed interfaces. After verification, the attacker could gain unauthorized data access or perform privileged operations within the WordPress site.

Generated by OpenCVE AI on April 29, 2026 at 15:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the FV Simpler SEO plugin to a version newer than 1.9.6 to remove the missing authorization flaw.
  • If an upgrade is not immediately possible, disable the plugin to prevent its exposed endpoints from being accessed.
  • Implement or reinforce WordPress role‑based access control by ensuring that only appropriately privileged users can manage SEO settings, thereby limiting the impact should any residual access be gained.
  • Deploy a web application firewall or similar monitoring solution to detect and block anomalous requests targeting the plugin’s URLs.



Advisories

No advisories yet.

History

Mon, 27 Apr 2026 19:30:00 +0000

Type: Metrics
Values Removed: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}
Values Added: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 23 Apr 2026 15:00:00 +0000

Type: Metrics
Values Removed: cvssV3_1 {'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N'}
Values Added: cvssV3_1 {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}


Tue, 20 Jan 2026 15:30:00 +0000


Tue, 20 Jan 2026 14:45:00 +0000


Mon, 29 Dec 2025 23:15:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: Wordpress; Wordpress wordpress

Type: Vendors & Products
Values Removed: (none)
Values Added: Wordpress; Wordpress wordpress

Wed, 24 Dec 2025 20:15:00 +0000

Type: Metrics
Values Removed: (none)
Values Added: cvssV3_1 {'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N'}
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 24 Dec 2025 13:15:00 +0000

Type: Description
Values Added: Missing Authorization vulnerability in FolioVision FV Simpler SEO fv-all-in-one-seo-pack allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FV Simpler SEO: from n/a through <= 1.9.6.

Type: Title
Values Added: WordPress FV Simpler SEO plugin <= 1.9.6 - Broken Access Control vulnerability

Type: Weaknesses
Values Added: CWE-862

Type: References

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:14:30.710Z

Reserved: 2025-12-19T10:17:34.322Z

Link: CVE-2025-68579

Vulnrichment

Updated: 2025-12-24T18:50:24.222Z

NVD

Status: Deferred

Published: 2025-12-24T13:16:25.020

Modified: 2026-04-27T19:16:32.907

Link: CVE-2025-68579

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-29T15:30:14Z

Weaknesses