A missing authorization flaw in the WordPress HBSS Technologies MAIO – The new AI GEO / SEO tool plugin permits exploitation of incorrectly configured access control security levels, allowing unauthorized users to access privileged functions. This issue aligns with CWE‑862 and threatens the site’s integrity by enabling manipulation of SEO settings or other privileged operations.

WordPress sites that have installed HBSS Technologies MAIO – The new AI GEO / SEO tool version 6.2.8 or earlier are affected. The issue applies to every release from the first available version up through 6.2.8.

The CVSS base score of 5.3 indicates moderate severity, and the EPSS score below 1% suggests exploitation is unlikely in the wild. The vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that attackers may be able to exploit incorrectly configured access controls to gain unauthorized access to privileged functions within the plugin without necessarily requiring preexisting administrative credentials; once the vulnerability is leveraged, the attacker can perform privileged actions such as modifying SEO settings, presenting a moderate but significant risk.