Vulnerability Description
The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sq_ajax_uninstall function in all versions up to, and including, 12.4.14. This makes it possible for authenticated attackers, with Subscriber-level access and above, to disconnect the site from Squirrly's cloud service.
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- https://plugins.trac.wordpress.org/browser/squirrly-seo/tags/12.4.14/controllers
- https://plugins.trac.wordpress.org/changeset/3435711/
- https://www.wordfence.com/threat-intel/vulnerabilities/id/7ad25948-3265-4c4c-9b9
FAQ
What is CVE-2025-14342?
CVE-2025-14342 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sq_ajax_uninstall function; the full description, including affected versions, is given under Vulnerability Description above.
How severe is CVE-2025-14342?
CVE-2025-14342 has been rated MEDIUM with a CVSS base score of 4.3/10.
Is there a patch for CVE-2025-14342?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.