PT-2025-31725 · WordPress · Seo Metrics

Kenneth Dunn · Published 2025-08-02 · Updated 2025-08-07 · CVE-2025-6754

CVSS v3.1: 8.8 High
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: SEO Metrics versions 1.0.5 through 1.0.15

Description: The SEO Metrics plugin for WordPress is susceptible to privilege escalation due to insufficient authorization checks. Specifically, the seo_metrics_handle_connect_button_click() AJAX handler and the seo_metrics_handle_custom_endpoint() function lack proper capability verification. A subscriber-level user can obtain a token and access the custom endpoint, potentially gaining full administrator cookies.

Recommendations: Versions prior to 1.0.5 are not affected. Update to a version later than 1.0.15.
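
As an added illustration (not the SEO Metrics plugin's code and not its actual patch), the example below shows the kind of capability verification the description says is missing, applied to a token-issuing AJAX handler and to the endpoint that consumes the token. All example_* names, the manage_options requirement, and the transient-based token storage are assumptions.

```php
<?php
// Added illustration. All example_* names, the 'manage_options' requirement and the
// transient key are assumptions, not taken from the SEO Metrics source.

// Registered for logged-in users only (no wp_ajax_nopriv_ hook). Subscribers are
// logged in, so this hook alone does not restrict the handler to administrators.
add_action( 'wp_ajax_example_connect', 'example_handle_connect_click' );
add_action( 'init', 'example_handle_custom_endpoint' );

function example_handle_connect_click() {
    // CSRF check: proves the request came from a page rendered for this user.
    // It says nothing about what that user is allowed to do.
    check_ajax_referer( 'example_connect', 'nonce' );

    // Authorization check: this is the capability verification that keeps the
    // token away from subscriber-level accounts.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    $token = wp_generate_password( 40, false );
    // Keep only a keyed hash of the token, and let it expire quickly.
    set_transient( 'example_connect_token', wp_hash( $token ), 5 * MINUTE_IN_SECONDS );
    wp_send_json_success( array( 'token' => $token ) );
}

function example_handle_custom_endpoint() {
    if ( ! isset( $_GET['example_endpoint'] ) ) {
        return; // Not a request for this endpoint.
    }
    $supplied = isset( $_GET['token'] ) ? sanitize_text_field( wp_unslash( $_GET['token'] ) ) : '';
    $expected = get_transient( 'example_connect_token' );

    // Constant-time comparison; fail closed when no token is outstanding.
    if ( ! is_string( $expected ) || ! hash_equals( $expected, wp_hash( $supplied ) ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }
    delete_transient( 'example_connect_token' ); // Single use.

    // A valid token confirms the connection and nothing more: the response carries
    // no session material and the handler never calls wp_set_auth_cookie().
    wp_send_json_success( array( 'connected' => true ) );
}
```

When auditing other plugins for the same weakness, look for wp_ajax_* callbacks that call check_ajax_referer() or wp_verify_nonce() but never current_user_can().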

Fix · LPE · Missing Authorization

Weakness Enumeration

Related Identifiers: CVE-2025-6754

Affected Products: Seo Metrics