Vulnerabilities and security researches forsmartcrawl-seo smartcrawl-seo

Oct 11, 2025

CVE, Research URL: CVE-2025-11163
Home page URL: Security reports for SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer
Application: SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer
Date: Sep 30, 2025
Research Description: The SmartCrawl SEO checker, analyzer & optimizer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_submodule() function in all versions up to, and including, 3.14.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's setttings.
Affected versions: Min -, max -.
Status: vulnerable

Jul 11, 2024

CVE, Research URL: CVE-2024-6556
Home page URL: Security reports for SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer
Application: SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer
Date: Jul 10, 2024
Research Description: The SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.10.8. This is due the plugin utilizing mobiledetect without preventing direct access to the files. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.
Affected versions: Min -, max -.
Status: vulnerable

Jun 07, 2024

CVE, Research URL: CVE-2024-3287
Home page URL: Security reports for SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer
Application: SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer
Date: May 02, 2024
Research Description: The SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer plugin for WordPress is vulnerable to unauthorized ld+json description injection due to a missing capability check on the save_settings function in all versions up to, and including, 3.10.2. This makes it possible for unauthenticated attackers to save schema types.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-5949
Home page URL: Security reports for SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer
Application: SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer
Date: Dec 19, 2023
Research Description: The SmartCrawl WordPress plugin before 3.8.3 does not prevent unauthorised users from accessing password-protected posts' content.
Affected versions: Min -, max -.
Status: vulnerable