PT-2026-5885 · WordPress · Seo Flow

Published: 2026-02-04 · Updated: 2026-02-09 · CVE-2025-15285

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

SEO Flow versions prior to 2.2.2

Description

The SEO Flow plugin for WordPress is susceptible to unauthorized data modification because of a missing capability check within the checkBlogAuthentication() and checkCategoryAuthentication() functions. These functions rely solely on API key authentication without enforcing WordPress capability checks, allowing unauthenticated attackers to create, modify, and delete blog posts and categories.

Recommendations

Update the SEO Flow plugin to version 2.2.2 or later.

Fix

Weakness Enumeration

Missing Authorization

Related Identifiers

CVE-2025-15285

Affected Products

Seo Flow