cleantalk
Vulnerabilities and Security Researches

SEO Flow by LupsOnline, CVE-2025-15285

CVE, Research URL

CVE-2025-15285

Home page URL

Security reports for SEO Flow by LupsOnline

Application

SEO Flow by LupsOnline

Published on
Feb 04, 2026
Research Description
The SEO Flow by LupsOnline plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the checkBlogAuthentication() and checkCategoryAuthentication() functions in all versions up to, and including, 2.2.1. These authorization functions only implement basic API key authentication but fail to implement WordPress capability checks. This makes it possible for unauthenticated attackers to create, modify, and delete blog posts and categories.
Affected versions
max 2.2.1.
Status
vulnerable
Previous vulnerability researches
HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce (CVE-2024-8667) , Oct 25, 2024
HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce (CVE-2026-24392) , Feb 27, 2026
HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce (CVE-2024-32556) , Jun 07, 2024
HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce (CVE-2025-53255) , Jul 05, 2025
HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce (CVE-2024-13735) , Feb 16, 2025
New vulnerability
ElementInvader Addons for Elementor (CVE-2026-25028) , Feb 27, 2026
SportsPress – Sports Club & League Manager (CVE-2025-15368) , Feb 27, 2026
Addonify – WooCommerce Wishlist (CVE-2025-68024) , Feb 27, 2026
Cool Tag Cloud (CVE-2025-69011) , Feb 27, 2026
WP Wizard Cloak (CVE-2025-53237) , Feb 27, 2026