cleantalk
Vulnerabilities and Security Researches

WordLift – AI powered SEO – Schema, CVE-2024-12176

CVE, Research URL

CVE-2024-12176

Home page URL

Security reports for WordLift – AI powered SEO – Schema

Application

WordLift – AI powered SEO – Schema

Published on
Jan 07, 2025
Research Description
The WordLift – AI powered SEO – Schema plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'wl_config_plugin' AJAX action in all versions up to, and including, 3.54.0. This makes it possible for unauthenticated attackers to update the plugin's settings.
Affected versions
Min -, max 3.54.0.
Status
vulnerable
Previous vulnerability researches
WordLift – AI powered SEO – Schema (CVE-2022-3069) , Jun 07, 2024
WordLift – AI powered SEO – Schema (CVE-2025-30624) , Jun 15, 2025
WordLift – AI powered SEO – Schema (CVE-2024-12176) , Jan 08, 2025
New vulnerability
Ultimate Addons for Contact Form 7 (CVE-2025-6220) , Jun 19, 2025
Ebook Store (CVE-2025-49862) , Jun 19, 2025
Arconix Shortcodes (CVE-2025-49858) , Jun 19, 2025
Responsive Starter Templates – Elementor & WordPress Templates (CVE-2025-49856) , Jun 19, 2025
WP VR – 360 Panorama and Virtual Tour Builder For WordPress (CVE-2025-47452) , Jun 19, 2025