PT-2026-43575 · WordPress · Metamagic Seo Plugin

Muhammad Afnaan

·

Published

2026-05-27

·

Updated

2026-06-04

·

CVE-2026-8942

CVSS v3.1

4.3

Medium

VectorAV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions MetaMagic SEO Plugin versions prior to 1.7
Description The MetaMagic SEO Plugin for WordPress is subject to Cross-Site Request Forgery, a flaw where an attacker tricks a victim into performing actions they did not intend to. This occurs due to missing or incorrect nonce validation in the metamagic update options() function. Unauthenticated attackers can exploit this to modify SEO settings, such as enabling or disabling the plugin and toggling the output of keyword and description meta tags, by inducing a site administrator to click a malicious link.
Recommendations Update the plugin to a version later than 1.6. As a temporary workaround, restrict administrative access to the plugin settings page to minimize the risk of exploitation.

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-8942

Affected Products

Metamagic Seo Plugin