CVE-2025-12958

CVSS v3.1

2.7

Low

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions Rankology SEO and Analytics Tool versions prior to 2.1

Description The Rankology SEO and Analytics Tool plugin for WordPress has an issue where data can be modified without proper authorization. This is due to a flawed capability check on the 'rankology code block' page. Authenticated attackers with Editor-level access or higher can add header and footer code blocks. The vulnerable component is the capability check on the /rankology code block API endpoint. The vulnerable parameter is the ability to add code blocks.

Recommendations Update to version 2.1 or later.

Fix

Improper Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-285

Related Identifiers

CVE-2025-12958

Affected Products

Rankology Seo/Analytics Tool

Rankology Seo/Analytics Tool Plugin

CVE-2025-12958

Weakness Enumeration

Related Identifiers

Affected Products

References · 6