Missing Authorization vulnerability in SEO Squirrly SEO Plugin by Squirrly SEO.This issue affects SEO Plugin by Squirrly SEO: from n/a through 12.4.05.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Vendors Products
Squirrly
  • Seo Plugin By Squirrly Seo

Configuration 1 [-]

cpe:2.3:a:squirrly:seo_plugin_by_squirrly_seo:*:*:*:*:*:wordpress:*:*

No data.

References
Link Providers
https://patchstack.com/database/wordpress/plugin/squirrly-seo/vulnerability/wordpress-squirrly-seo-plugin-12-4-05-broken-access-control-vulnerability?_s_id=cve cve-icon cve-icon
History

Fri, 04 Apr 2025 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Squirrly
Squirrly seo Plugin By Squirrly Seo
CPEs cpe:2.3:a:squirrly:seo_plugin_by_squirrly_seo:*:*:*:*:*:wordpress:*:*
Vendors & Products Squirrly
Squirrly seo Plugin By Squirrly Seo

Tue, 04 Mar 2025 03:45:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 03 Mar 2025 09:00:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in SEO Squirrly SEO Plugin by Squirrly SEO.This issue affects SEO Plugin by Squirrly SEO: from n/a through 12.4.05.
Title WordPress Squirrly SEO plugin <= 12.4.05 - Broken Access Control vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N'}
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2025-03-03T16:04:49.475Z

Reserved: 2025-01-23T14:51:49.211Z

Link: CVE-2025-24654

cve-icon Vulnrichment

Updated: 2025-03-03T16:04:45.926Z

cve-icon NVD

Status : Analyzed

Published: 2025-03-03T09:15:39.660

Modified: 2025-04-04T14:48:15.770

Link: CVE-2025-24654

cve-icon Redhat

No data.