PT-2026-5088 · WordPress · Wordpress+1

Kenneth Dunn · Published 2026-01-28 · Updated 2026-01-28 · CVE-2025-14386

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Search Atlas SEO – Premier SEO Plugin for One-Click WP Publishing & Integrated AI Optimization versions 2.4.4 through 2.5.12

Description

The Search Atlas SEO plugin for WordPress has a flaw that allows authentication bypass. This occurs because of a missing capability check within the generate sso url and validate sso token functions. Attackers with Subscriber-level access or higher can extract the nonce token authentication value and use it to log in as the first Administrator account.

Recommendations

Versions 2.4.4 through 2.5.12 should be updated to a fixed version, if available. As a temporary workaround, restrict access to the generate sso url and validate sso token functions.

Fix

Missing Authorization

Weakness Enumeration

Related Identifiers: CVE-2025-14386

Affected Products: Search Atlas Seo, Wordpress