Vulnerabilities and security researches forwordlift wordlift

Jun 15, 2025

CVE, Research URL: CVE-2025-30624
Home page URL: Security reports for WordLift – AI powered SEO – Schema
Application: WordLift – AI powered SEO – Schema
Date: Jun 06, 2025
Research Description: Missing Authorization vulnerability in WordLift WordLift allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordLift: from n/a through 3.54.4.
Affected versions: Min -, max -.
Status: vulnerable

Jan 08, 2025

CVE, Research URL: CVE-2024-12176
Home page URL: Security reports for WordLift – AI powered SEO – Schema
Application: WordLift – AI powered SEO – Schema
Date: Jan 07, 2025
Research Description: The WordLift – AI powered SEO – Schema plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'wl_config_plugin' AJAX action in all versions up to, and including, 3.54.0. This makes it possible for unauthenticated attackers to update the plugin's settings.
Affected versions: Min -, max -.
Status: vulnerable

Jun 07, 2024

CVE, Research URL: CVE-2022-3069
Home page URL: Security reports for WordLift – AI powered SEO – Schema
Application: WordLift – AI powered SEO – Schema
Date: Sep 26, 2022
Research Description: The WordLift WordPress plugin before 3.37.2 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Affected versions: Min -, max -.
Status: vulnerable