Vulnerabilities and security researches forlupsonline-link-netwerk lupsonline-link-netwerk

May 18, 2025

CVE, Research URL: CVE-2025-48146
Home page URL: Security reports for SEO Flow by LupsOnline
Application: SEO Flow by LupsOnline
Date: May 16, 2025
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in Michael Lups SEO Flow by LupsOnline allows Stored XSS. This issue affects SEO Flow by LupsOnline: from n/a through 2.2.0.
Affected versions: max 2.2.0.
Status: vulnerable

Feb 27, 2026

CVE, Research URL: CVE-2025-15285
Home page URL: Security reports for SEO Flow by LupsOnline
Application: SEO Flow by LupsOnline
Date: Feb 04, 2026
Research Description: The SEO Flow by LupsOnline plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the checkBlogAuthentication() and checkCategoryAuthentication() functions in all versions up to, and including, 2.2.1. These authorization functions only implement basic API key authentication but fail to implement WordPress capability checks. This makes it possible for unauthenticated attackers to create, modify, and delete blog posts and categories.
Affected versions: max 2.2.1.
Status: vulnerable