Name of the Vulnerable Software and Affected Versions:

SEO Metrics versions 1.0.5 through 1.0.15

Description:

The SEO Metrics plugin for WordPress is susceptible to privilege escalation due to insufficient authorization checks. Specifically, the `seo metrics handle connect button click()` AJAX handler and the `seo metrics handle custom endpoint()` function lack proper capability verification. A subscriber-level user can obtain a token and access the custom endpoint, potentially gaining full administrator cookies.

Recommendations:

Versions prior to 1.0.5 are not affected.

Update to a version later than 1.0.15.