Platform: wordpress
Component: wp-seo-search
Fixed in: 1.1.1
CVE-2025-67626 describes a Cross-Site Request Forgery (CSRF) vulnerability in the WP SEO Search plugin for WordPress. An attacker can potentially perform unauthorized actions in the context of a logged-in user's account if that user is tricked into clicking a malicious link. The vulnerability affects versions from 0.0.0 through 1.1 and has been resolved in version 1.2.
A successful CSRF attack could allow an attacker to modify site settings, publish content, or perform other actions as the logged-in user without their knowledge or consent. The impact is directly tied to the privileges of the targeted user: if that user is an administrator, the attacker could gain full control over the WordPress site. This vulnerability highlights the importance of proper input validation and output encoding to prevent malicious requests from being executed.
This vulnerability was publicly disclosed on 2026-01-22. There are currently no known public exploits or active campaigns targeting this specific vulnerability. It is not listed on the CISA KEV catalog at the time of writing. The relatively low CVSS score suggests a moderate risk, but proactive patching is still recommended.
Exploit Status
EPSS: 0.02% (4th percentile)
CISA SSVC:
CVSS Vector:
The primary mitigation for CVE-2025-67626 is to immediately upgrade the WP SEO Search plugin to version 1.2 or later. If upgrading is not immediately feasible, consider implementing a Content Security Policy (CSP) to restrict the origins from which scripts can be executed. Additionally, using a WordPress security plugin with CSRF protection can provide an additional layer of defense. After upgrading, verify the plugin's functionality and ensure no unexpected behavior occurs.
Update to version 1.2, or a newer patched version
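For site owners and plugin developers who want to see what the underlying defect class looks like and how it is closed, the following is an added illustration written for this page; it is not code from the WP SEO Search plugin and says nothing about how that plugin's own handler is written. It contrasts a settings handler that saves on any POST with the standard WordPress pattern of a nonce check (the control that actually defeats CSRF, since a CSP governs script sources rather than cross-site form submissions) plus a capability check. All option, action and function names (`example_*`) are hypothetical; the WordPress API calls (`wp_nonce_field`, `check_admin_referer`, `current_user_can`, `admin_post_{action}`) are the real ones.

```php
<?php
/*
 * Added illustration (not the WP SEO Search plugin's code): how a WordPress
 * settings handler becomes CSRF-prone, and how the standard nonce and
 * capability checks close the gap. All example_* names are hypothetical.
 */

// --- Vulnerable pattern: state change on any POST that carries the field. ---
// A form on a third-party page can submit this request from the victim's
// browser; the session cookie is attached automatically, so WordPress treats
// the request as the logged-in user and stores whatever value was sent.
function example_save_settings_vulnerable() {
    if ( isset( $_POST['example_search_prefix'] ) ) {
        update_option( 'example_search_prefix', $_POST['example_search_prefix'] );
    }
}

// --- Hardened pattern: prove the request originated from our own admin form. ---
function example_render_settings_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_save_settings">
        <?php
        // Emits a hidden field holding a nonce bound to this user and this action.
        // A cross-site page cannot read it, so it cannot construct a valid request.
        wp_nonce_field( 'example_save_settings', 'example_nonce' );
        ?>
        <label>Search prefix
            <input type="text" name="example_search_prefix"
                   value="<?php echo esc_attr( get_option( 'example_search_prefix', '' ) ); ?>">
        </label>
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}

function example_save_settings_hardened() {
    // Authorization: only users allowed to manage options may change them.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }

    // Anti-CSRF: check_admin_referer() verifies the nonce and stops the request
    // (HTTP 403) if it is missing, invalid or expired.
    check_admin_referer( 'example_save_settings', 'example_nonce' );

    // Input handling is a separate concern from CSRF; sanitize before storing.
    $prefix = isset( $_POST['example_search_prefix'] )
        ? sanitize_text_field( wp_unslash( $_POST['example_search_prefix'] ) )
        : '';
    update_option( 'example_search_prefix', $prefix );

    // Redirect back to the settings page so a refresh does not resubmit the form.
    $back = wp_get_referer();
    wp_safe_redirect( $back ? add_query_arg( 'updated', '1', $back ) : admin_url() );
    exit;
}

// admin_post_{action} runs only for authenticated users posting to admin-post.php;
// the nonce check above is still required, because authentication alone is what
// a CSRF request already has.
add_action( 'admin_post_example_save_settings', 'example_save_settings_hardened' );
```

Auditing a plugin for this class of defect comes down to locating every handler that changes state (`update_option`, `wp_insert_post`, file writes) and confirming that a nonce verification and a `current_user_can()` check precede the change; a handler that only tests `isset( $_POST[...] )` is the pattern to look for.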
CVE-2025-67626 is a Cross-Site Request Forgery (CSRF) vulnerability in the WP SEO Search plugin for WordPress, allowing attackers to perform unauthorized actions.
You are affected if you are using WP SEO Search versions 0.0.0 through 1.1. Upgrade to version 1.2 or later to mitigate the risk.
Upgrade the WP SEO Search plugin to version 1.2 or later. Consider implementing a Content Security Policy (CSP) or using a WordPress security plugin for added protection.
There are currently no known public exploits or active campaigns targeting this specific vulnerability, but proactive patching is still recommended.
Refer to the plugin developer's website or WordPress.org plugin repository for the latest advisory and update information.