Impact
This vulnerability is a missing‑authorization flaw (CWE‑862) that allows unauthenticated users to access the plugin's administrative endpoints and modify settings or data on WordPress websites running versions 12.4.16 or older. An attacker could alter SEO metadata, inject malicious redirects, or otherwise manipulate site content, compromising confidentiality and integrity.
Affected Systems
The affected product is the SEO Squirrly:SEO Plugin by Squirrly SEO deployed on WordPress sites. All installations running version 12.4.16 or older are vulnerable; versions 12.4.17 and newer contain the fix.
Risk and Exploitability
The CVSS score of 7.5 marks the issue as high severity. The EPSS score is less than 1 percent, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is through the WordPress web interface where an unauthenticated user can issue requests to the plugin’s administrative routes. While the low exploitation probability reduces immediate risk, any site that hosts the vulnerable plugin remains at risk until patched.
OpenCVE Enrichment