cleantalk
Vulnerabilities and Security Researches

SEO Plugin by Squirrly SEO, CVE-2026-7624

CVE, Research URL

CVE-2026-7624

Home page URL

Security reports for SEO Plugin by Squirrly SEO

Application

SEO Plugin by Squirrly SEO

Published on
Jun 06, 2026
Research Description
The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 12.4.16. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with contributor-level access and above, to invoke privileged state-changing Squirrly cloud API operations, such as revoking the site's Google Search Console and Google Analytics integrations via `api/gsc/revoke` and `api/ga/revoke`, that are otherwise restricted to administrator-level users holding the `sq_manage_settings` capability.
Affected versions
max 12.4.17.
Status
vulnerable
Previous vulnerability researches
SEO Plugin by Squirrly SEO (CVE-2024-10515) , Nov 17, 2024
SEO Plugin by Squirrly SEO (CVE-2024-43286) , Aug 20, 2024
SEO Plugin by Squirrly SEO (CVE-2025-14342) , Feb 27, 2026
SEO Plugin by Squirrly SEO (CVE-2026-7624) , Jun 06, 2026
SEO Plugin by Squirrly SEO (CVE-2025-22783) , Apr 02, 2025
New vulnerability
Advanced Google reCAPTCHA (CVE-2026-5415) , Jun 07, 2026
Advanced Google reCAPTCHA (CVE-2026-5411) , Jun 07, 2026
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders (CVE-2026-7665) , Jun 07, 2026
Ad Inserter – Ad Manager & AdSense Ads (CVE-2026-9280) , Jun 06, 2026
Smart Slider 3 (CVE-2026-9197) , Jun 06, 2026