Plataforma
wordpress
Componente
wp-seo-search
Corrigido em
1.1.1
CVE-2025-67626 describes a Cross-Site Request Forgery (CSRF) vulnerability discovered in the WP SEO Search plugin for WordPress. This vulnerability allows an attacker to potentially execute unauthorized actions on a user's account if they are tricked into clicking a malicious link. The vulnerability affects versions from 0.0.0 through 1.1 and has been resolved in version 1.2.
A successful CSRF attack could allow an attacker to modify site settings, publish content, or perform other actions as the logged-in user without their knowledge or consent. The impact is directly tied to the privileges of the user whose account is targeted. If an administrator's account is compromised, the attacker could gain full control over the WordPress site. This vulnerability highlights the importance of proper input validation and output encoding to prevent malicious requests from being executed.
This vulnerability was publicly disclosed on 2026-01-22. There are currently no known public exploits or active campaigns targeting this specific vulnerability. It is not listed on the CISA KEV catalog at the time of writing. The relatively low CVSS score suggests a moderate risk, but proactive patching is still recommended.
Websites using the WP SEO Search plugin, particularly those with administrator accounts that are frequently targeted or have weak passwords, are at risk. Shared WordPress hosting environments where multiple sites share the same server resources are also potentially more vulnerable.
• wordpress / composer / npm:
wp plugin list | grep wp-seo-search• wordpress / composer / npm:
wp plugin update --all• wordpress / composer / npm:
wp plugin status wp-seo-search• generic web: Check for unusual activity in WordPress admin logs, specifically POST requests to plugin endpoints.
disclosure
Status do Exploit
EPSS
0.02% (percentil 4%)
CISA SSVC
Vetor CVSS
The primary mitigation for CVE-2025-67626 is to immediately upgrade the WP SEO Search plugin to version 1.2 or later. If upgrading is not immediately feasible, consider implementing a Content Security Policy (CSP) to restrict the origins from which scripts can be executed. Additionally, using a WordPress security plugin with CSRF protection can provide an additional layer of defense. After upgrading, verify the plugin's functionality and ensure no unexpected behavior occurs.
Atualize para a versão 1.2, ou uma versão corrigida mais recente
Análise de vulnerabilidades e alertas críticos diretamente no seu e-mail.
CVE-2025-67626 is a Cross-Site Request Forgery (CSRF) vulnerability in the WP SEO Search plugin for WordPress, allowing attackers to perform unauthorized actions.
You are affected if you are using WP SEO Search versions 0.0.0 through 1.1. Upgrade to version 1.2 or later to mitigate the risk.
Upgrade the WP SEO Search plugin to version 1.2 or later. Consider implementing a Content Security Policy (CSP) or using a WordPress security plugin for added protection.
There are currently no known public exploits or active campaigns targeting this specific vulnerability, but proactive patching is still recommended.
Refer to the plugin developer's website or WordPress.org plugin repository for the latest advisory and update information.
Envie seu arquivo de dependências e descubra na hora se esta e outras CVEs te atingem.
Envie seu arquivo de dependências e descubra na hora se esta e outras CVEs te atingem.