SiteSEO – SEO Simplified

5.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Description

The SiteSEO – SEO Simplified plugin for WordPress is vulnerable to unauthorized modification of data due to n incorrect capability check on the siteseo_reset_settings function in all versions up to, and including, 1.3.2. This makes it possible for authenticated attackers, who have been granted access to at least on SiteSEO setting capability, to reset the plugin's settings.

Basic Information

ID CVE-2025-12814

Source Wordfence

Published Nov 19, 2025 at 05:45

Affected Product

Vendor softaculous

Product SiteSEO – SEO Simplified

Version *

Affected Versions softaculous SiteSEO – SEO Simplified *

CWE Classification

CWE-285

References

{
    "lastseen": "",
    "description": "The SiteSEO \u2013 SEO Simplified plugin for WordPress is vulnerable to unauthorized modification of data due to n incorrect capability check on the siteseo_reset_settings function in all versions up to, and including, 1.3.2. This makes it possible for authenticated attackers, who have been granted access to at least on SiteSEO setting capability, to reset the plugin's settings.",
    "published": "2025-11-19T05:45:15.686Z",
    "modified": "2025-11-19T05:45:15.686Z",
    "type": "cve",
    "title": "SiteSEO \u2013 SEO Simplified <= 1.3.2 - Improper Authorization to Authenticated Settings Reset",
    "source": "Wordfence",
    "references": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a376cafb-656c-4fe1-b5c1-c7e38dc5040e?source=cve\nhttps://plugins.trac.wordpress.org/browser/siteseo/tags/1.3.2/main/ajax.php#L90\nhttps://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3397272%40siteseo&new=3397272%40siteseo&sfp_email=&sfph_mail=",
    "id": "CVE-2025-12814",
    "bulletinFamily": "",
    "cwe": [
        "CWE-285"
    ],
    "cvelist": null,
    "sourceData": "softaculous SiteSEO \u2013 SEO Simplified *",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "SiteSEO \u2013 SEO Simplified",
    "version": "*",
    "vendor": "softaculous",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

SiteSEO – SEO Simplified <= 1.3.2 - Improper Authorization to Authenticated Settings Reset_CVE-2025-12814