Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for SmartCrawl SEO checker, analyzer & optimizer by wpmudev

    CVE-2025-11163 (GCVE-0-2025-11163)

    Vulnerability from nvd – Published: 2025-09-30 05:28 – Updated: 2026-04-08 17:05
    VLAI
    Title
    SmartCrawl SEO checker, analyzer & optimizer <= 3.14.3 - Missing Authorization to Plugin Settings Update
    Summary
    The SmartCrawl SEO checker, analyzer & optimizer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_submodule() function in all versions up to, and including, 3.14.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's setttings.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Credits
    Rafshanzani Suhada
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-11163",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-30T15:41:07.958207Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-30T15:41:18.658Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SmartCrawl SEO checker, analyzer \u0026 optimizer",
              "vendor": "wpmudev",
              "versions": [
                {
                  "lessThanOrEqual": "3.14.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Rafshanzani Suhada"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The SmartCrawl SEO checker, analyzer \u0026 optimizer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_submodule() function in all versions up to, and including, 3.14.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin\u0027s setttings."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:05:39.836Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8a63a9b3-c056-45f3-952c-9aee997d1d27?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/smartcrawl-seo/tags/3.14.2/includes/core/controllers/class-submodule-controller.php#L123"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3366486/smartcrawl-seo/trunk/includes/core/controllers/class-submodule-controller.php"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-09-29T16:47:13.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2025-09-29T16:32:13.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "SmartCrawl SEO checker, analyzer \u0026 optimizer \u003c= 3.14.3 - Missing Authorization to Plugin Settings Update"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2025-11163",
        "datePublished": "2025-09-30T05:28:53.152Z",
        "dateReserved": "2025-09-29T16:31:24.156Z",
        "dateUpdated": "2026-04-08T17:05:39.836Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-6556 (GCVE-0-2024-6556)

    Vulnerability from nvd – Published: 2024-07-10 08:32 – Updated: 2026-04-08 16:51
    VLAI
    Title
    SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer <= 3.10.8 - Unauthenticated Full Path Disclosure
    Summary
    The SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.10.8. This is due the plugin utilizing mobiledetect without preventing direct access to the files. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Vendor Product Version
    wpmudev SmartCrawl SEO checker, analyzer & optimizer Affected: 0 , ≤ 3.10.8 (semver)
    Create a notification for this product.
    wpmudev smartcrawl Affected: 0 , ≤ 3.10.8 (custom)
        cpe:2.3:a:wpmudev:smartcrawl:*:*:*:*:*:wordpress:*:*
    Create a notification for this product.
    Credits
    Matthew Rollings
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:wpmudev:smartcrawl:*:*:*:*:*:wordpress:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "smartcrawl",
                "vendor": "wpmudev",
                "versions": [
                  {
                    "lessThanOrEqual": "3.10.8",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-6556",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-10T15:21:55.160117Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-10T15:26:44.587Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:41:03.684Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4d357096-25da-4cbf-9c6c-261bf1b29a9f?source=cve"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3115079%40smartcrawl-seo\u0026new=3115079%40smartcrawl-seo\u0026sfp_email=\u0026sfph_mail="
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SmartCrawl SEO checker, analyzer \u0026 optimizer",
              "vendor": "wpmudev",
              "versions": [
                {
                  "lessThanOrEqual": "3.10.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Matthew Rollings"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.10.8. This is due the plugin utilizing mobiledetect without preventing direct access to the files. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T16:51:23.519Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4d357096-25da-4cbf-9c6c-261bf1b29a9f?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3115079%40smartcrawl-seo\u0026new=3115079%40smartcrawl-seo\u0026sfp_email=\u0026sfph_mail="
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-07-09T19:53:14.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer \u003c= 3.10.8 - Unauthenticated Full Path Disclosure"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2024-6556",
        "datePublished": "2024-07-10T08:32:16.591Z",
        "dateReserved": "2024-07-08T14:28:38.764Z",
        "dateUpdated": "2026-04-08T16:51:23.519Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-3287 (GCVE-0-2024-3287)

    Vulnerability from nvd – Published: 2024-05-02 16:52 – Updated: 2026-04-08 17:11
    VLAI
    Title
    SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer <= 3.10.2 - Missing Authorization
    Summary
    The SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer plugin for WordPress is vulnerable to unauthorized ld+json description injection due to a missing capability check on the save_settings function in all versions up to, and including, 3.10.2. This makes it possible for unauthenticated attackers to save schema types.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    wpmudev SmartCrawl SEO checker, analyzer & optimizer Affected: 0 , ≤ 3.10.2 (semver)
    Create a notification for this product.
    wpmudev smartcrawl Affected: 0 , ≤ 3.10.2 (semver)
        cpe:2.3:a:wpmudev:smartcrawl:*:*:*:*:*:wordpress:*:*
    Create a notification for this product.
    Credits
    Krzysztof Zając
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:05:08.362Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9a77672b-340e-4f10-abe7-461c2db537b8?source=cve"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/changeset/3073136/smartcrawl-seo/trunk/includes/core/schema/class-types.php?old=2943058\u0026old_path=smartcrawl-seo%2Ftrunk%2Fincludes%2Fcore%2Fschema%2Fclass-types.php"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:wpmudev:smartcrawl:*:*:*:*:*:wordpress:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "smartcrawl",
                "vendor": "wpmudev",
                "versions": [
                  {
                    "lessThanOrEqual": "3.10.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-3287",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-03T20:36:45.796543Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-12T20:44:09.446Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SmartCrawl SEO checker, analyzer \u0026 optimizer",
              "vendor": "wpmudev",
              "versions": [
                {
                  "lessThanOrEqual": "3.10.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Krzysztof Zaj\u0105c"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer plugin for WordPress is vulnerable to unauthorized ld+json description injection due to a missing capability check on the save_settings function in all versions up to, and including, 3.10.2. This makes it possible for unauthenticated attackers to save schema types."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:11:04.127Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9a77672b-340e-4f10-abe7-461c2db537b8?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3073136/smartcrawl-seo/trunk/includes/core/schema/class-types.php?old=2943058\u0026old_path=smartcrawl-seo%2Ftrunk%2Fincludes%2Fcore%2Fschema%2Fclass-types.php"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-04-19T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer \u003c= 3.10.2 - Missing Authorization"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2024-3287",
        "datePublished": "2024-05-02T16:52:26.946Z",
        "dateReserved": "2024-04-03T20:17:41.979Z",
        "dateUpdated": "2026-04-08T17:11:04.127Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-11163 (GCVE-0-2025-11163)

    Vulnerability from cvelistv5 – Published: 2025-09-30 05:28 – Updated: 2026-04-08 17:05
    VLAI
    Title
    SmartCrawl SEO checker, analyzer & optimizer <= 3.14.3 - Missing Authorization to Plugin Settings Update
    Summary
    The SmartCrawl SEO checker, analyzer & optimizer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_submodule() function in all versions up to, and including, 3.14.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's setttings.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Credits
    Rafshanzani Suhada
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-11163",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-30T15:41:07.958207Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-30T15:41:18.658Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SmartCrawl SEO checker, analyzer \u0026 optimizer",
              "vendor": "wpmudev",
              "versions": [
                {
                  "lessThanOrEqual": "3.14.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Rafshanzani Suhada"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The SmartCrawl SEO checker, analyzer \u0026 optimizer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_submodule() function in all versions up to, and including, 3.14.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin\u0027s setttings."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:05:39.836Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8a63a9b3-c056-45f3-952c-9aee997d1d27?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/smartcrawl-seo/tags/3.14.2/includes/core/controllers/class-submodule-controller.php#L123"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3366486/smartcrawl-seo/trunk/includes/core/controllers/class-submodule-controller.php"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-09-29T16:47:13.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2025-09-29T16:32:13.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "SmartCrawl SEO checker, analyzer \u0026 optimizer \u003c= 3.14.3 - Missing Authorization to Plugin Settings Update"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2025-11163",
        "datePublished": "2025-09-30T05:28:53.152Z",
        "dateReserved": "2025-09-29T16:31:24.156Z",
        "dateUpdated": "2026-04-08T17:05:39.836Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-6556 (GCVE-0-2024-6556)

    Vulnerability from cvelistv5 – Published: 2024-07-10 08:32 – Updated: 2026-04-08 16:51
    VLAI
    Title
    SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer <= 3.10.8 - Unauthenticated Full Path Disclosure
    Summary
    The SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.10.8. This is due the plugin utilizing mobiledetect without preventing direct access to the files. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Vendor Product Version
    wpmudev SmartCrawl SEO checker, analyzer & optimizer Affected: 0 , ≤ 3.10.8 (semver)
    Create a notification for this product.
    wpmudev smartcrawl Affected: 0 , ≤ 3.10.8 (custom)
        cpe:2.3:a:wpmudev:smartcrawl:*:*:*:*:*:wordpress:*:*
    Create a notification for this product.
    Credits
    Matthew Rollings
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:wpmudev:smartcrawl:*:*:*:*:*:wordpress:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "smartcrawl",
                "vendor": "wpmudev",
                "versions": [
                  {
                    "lessThanOrEqual": "3.10.8",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-6556",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-10T15:21:55.160117Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-10T15:26:44.587Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:41:03.684Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4d357096-25da-4cbf-9c6c-261bf1b29a9f?source=cve"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3115079%40smartcrawl-seo\u0026new=3115079%40smartcrawl-seo\u0026sfp_email=\u0026sfph_mail="
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SmartCrawl SEO checker, analyzer \u0026 optimizer",
              "vendor": "wpmudev",
              "versions": [
                {
                  "lessThanOrEqual": "3.10.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Matthew Rollings"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.10.8. This is due the plugin utilizing mobiledetect without preventing direct access to the files. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T16:51:23.519Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4d357096-25da-4cbf-9c6c-261bf1b29a9f?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3115079%40smartcrawl-seo\u0026new=3115079%40smartcrawl-seo\u0026sfp_email=\u0026sfph_mail="
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-07-09T19:53:14.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer \u003c= 3.10.8 - Unauthenticated Full Path Disclosure"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2024-6556",
        "datePublished": "2024-07-10T08:32:16.591Z",
        "dateReserved": "2024-07-08T14:28:38.764Z",
        "dateUpdated": "2026-04-08T16:51:23.519Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-3287 (GCVE-0-2024-3287)

    Vulnerability from cvelistv5 – Published: 2024-05-02 16:52 – Updated: 2026-04-08 17:11
    VLAI
    Title
    SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer <= 3.10.2 - Missing Authorization
    Summary
    The SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer plugin for WordPress is vulnerable to unauthorized ld+json description injection due to a missing capability check on the save_settings function in all versions up to, and including, 3.10.2. This makes it possible for unauthenticated attackers to save schema types.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    wpmudev SmartCrawl SEO checker, analyzer & optimizer Affected: 0 , ≤ 3.10.2 (semver)
    Create a notification for this product.
    wpmudev smartcrawl Affected: 0 , ≤ 3.10.2 (semver)
        cpe:2.3:a:wpmudev:smartcrawl:*:*:*:*:*:wordpress:*:*
    Create a notification for this product.
    Credits
    Krzysztof Zając
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:05:08.362Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9a77672b-340e-4f10-abe7-461c2db537b8?source=cve"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/changeset/3073136/smartcrawl-seo/trunk/includes/core/schema/class-types.php?old=2943058\u0026old_path=smartcrawl-seo%2Ftrunk%2Fincludes%2Fcore%2Fschema%2Fclass-types.php"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:wpmudev:smartcrawl:*:*:*:*:*:wordpress:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "smartcrawl",
                "vendor": "wpmudev",
                "versions": [
                  {
                    "lessThanOrEqual": "3.10.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-3287",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-03T20:36:45.796543Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-12T20:44:09.446Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SmartCrawl SEO checker, analyzer \u0026 optimizer",
              "vendor": "wpmudev",
              "versions": [
                {
                  "lessThanOrEqual": "3.10.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Krzysztof Zaj\u0105c"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer plugin for WordPress is vulnerable to unauthorized ld+json description injection due to a missing capability check on the save_settings function in all versions up to, and including, 3.10.2. This makes it possible for unauthenticated attackers to save schema types."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:11:04.127Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9a77672b-340e-4f10-abe7-461c2db537b8?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3073136/smartcrawl-seo/trunk/includes/core/schema/class-types.php?old=2943058\u0026old_path=smartcrawl-seo%2Ftrunk%2Fincludes%2Fcore%2Fschema%2Fclass-types.php"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-04-19T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer \u003c= 3.10.2 - Missing Authorization"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2024-3287",
        "datePublished": "2024-05-02T16:52:26.946Z",
        "dateReserved": "2024-04-03T20:17:41.979Z",
        "dateUpdated": "2026-04-08T17:11:04.127Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }