cleantalk
Vulnerabilities and Security Researches

SEO Flow by LupsOnline, CVE-2025-15285

CVE, Research URL

CVE-2025-15285

Home page URL

Security reports for SEO Flow by LupsOnline

Application

SEO Flow by LupsOnline

Published on
Feb 04, 2026
Research Description
The SEO Flow by LupsOnline plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the checkBlogAuthentication() and checkCategoryAuthentication() functions in all versions up to, and including, 2.2.1. These authorization functions only implement basic API key authentication but fail to implement WordPress capability checks. This makes it possible for unauthenticated attackers to create, modify, and delete blog posts and categories.
Affected versions
max 2.2.1.
Status
vulnerable
Previous vulnerability researches
SEO Flow by LupsOnline (CVE-2025-48146) , May 18, 2025
SEO Flow by LupsOnline (CVE-2025-15285) , Feb 27, 2026
New vulnerability
Image Optimizer by Elementor – Compress, Resize and Optimize Images (CVE-2026-25387) , Feb 27, 2026
Printful Integration for WooCommerce (CVE-2025-12375) , Feb 27, 2026
PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes (CVE-2026-25322) , Feb 27, 2026
Page Builder Gutenberg Blocks – CoBlocks (CVE-2026-27094) , Feb 27, 2026
ElementsKit Elementor addons (CVE-2026-23693) , Feb 27, 2026