Description
Contributor Broken Access Control in SEOPress PRO <= 9.1.1 versions.
Published: 2026-06-26
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw in the SEOPress PRO plugin is a broken access control that permits a user lacking administrative privileges to perform actions reserved for higher‑privilege roles. This could allow the user to alter critical SEO settings, potentially redirecting traffic or modifying site metadata in ways that compromise the site’s integrity. The impact is therefore a compromise of the site’s configuration and an increased risk of subsequent attacks that leverage the abused privileges.

Affected Systems

Any WordPress site running SEOPress PRO version 9.1.1 or earlier is affected, that is, any installation where the plugin version satisfies the "<= 9.1.1" criterion.

Risk and Exploitability

The CVSS score of 4.3 places this issue in the medium severity range, indicating a moderate potential impact if exploited. EPSS data is not available, so the likelihood of exploitation cannot be quantified from the available metrics. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is the plugin’s web interface; based on the description, it is inferred that the flaw requires authentication, as the access control checks are part of the administrative workflow, but no explicit statement confirms whether unauthenticated sessions can exploit the issue.

Generated by OpenCVE AI on June 26, 2026 at 18:37 UTC.

Remediation

Vendor Solution

Update the WordPress SEOPress PRO plugin to the latest available version (at least 9.2).


OpenCVE Recommended Actions

  • Update the SEOPress PRO plugin to version 9.2 or later.
  • Disable the SEOPress PRO plugin or its settings pages until the update is applied.
  • Review WordPress user roles to remove any unnecessary high‑privilege accounts and enforce the principle of least privilege.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 16:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 26 Jun 2026 15:15:00 +0000

Type | Values Removed | Values Added
Description | | Contributor Broken Access Control in SEOPress PRO <= 9.1.1 versions.
Title | | WordPress SEOPress PRO plugin <= 9.1.1 - Broken Access Control vulnerability
Weaknesses | | CWE-862
References | |
Metrics | | cvssV3_1 {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-06-26T15:40:55.902Z

Reserved: 2026-06-24T12:46:44.605Z

Link: CVE-2026-57430

Vulnrichment

Updated: 2026-06-26T15:40:46.839Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-26T18:45:03Z

Weaknesses