CVE-2025-13085
📋 TL;DR
The SiteSEO WordPress plugin up to version 1.3.2 has an authorization flaw that allows authenticated users with siteseo_manage capability to read sensitive metadata from any post, page, or WooCommerce order they shouldn't access. This exposes customer billing information in WooCommerce installations. Only affects WordPress sites using vulnerable SiteSEO versions where legacy storage is enabled.
💻 Affected Systems
- SiteSEO – SEO Simplified WordPress plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers with Author-level access can steal sensitive customer data including payment information, names, addresses, and contact details from WooCommerce orders, leading to data breach and regulatory violations.
Likely Case
Malicious or compromised Author-level users exfiltrate customer personal information and post metadata they shouldn't access, potentially enabling further attacks.
If Mitigated
Limited to authorized users who have been granted SiteSEO access, reducing exposure surface but still allowing privilege escalation within that group.
🎯 Exploit Status
Exploitation requires authenticated access with the siteseo_manage capability. The vulnerable code lives in AJAX endpoints, so requests are easy to script once that access is obtained.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.3.3 or later
Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3397272/siteseo/trunk?contextall=1&old=3387094&old_path=%2Fsiteseo%2Ftrunk
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'SiteSEO – SEO Simplified'.
4. Click 'Update Now' if available.
5. Alternatively, download version 1.3.3+ from WordPress.org and manually update.
🔧 Temporary Workarounds
Disable legacy storage
Turn off the legacy storage option in SiteSEO settings to prevent exploitation via the vulnerable feature
Restrict SiteSEO access
Remove the siteseo_manage capability from Author-level and lower privileged users
🧯 If You Can't Patch
- Disable the SiteSEO plugin entirely until patched
- Implement strict access controls and monitor user activity with siteseo_manage capability
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → SiteSEO version. If ≤1.3.2 and legacy storage is enabled, you are vulnerable.
Check Version:
wp plugin list --name=siteseo --field=version (if WP-CLI is installed)
Verify Fix Applied:
Verify SiteSEO plugin version is 1.3.3 or higher in WordPress admin panel.
📡 Detection & Monitoring
Log Indicators:
- Unusual AJAX requests to /wp-admin/admin-ajax.php with action=resolve_variables
- Multiple metadata access attempts from single user ID
- Access to post IDs outside user's normal editing scope
Network Indicators:
- POST requests to admin-ajax.php with resolve_variables parameter and post_id values
SIEM Query:
source="wordpress" AND uri_path="/wp-admin/admin-ajax.php" AND post_data.action="resolve_variables" AND post_data.post_id NOT IN (user_editable_posts)
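The SIEM query above is pseudo-syntax; the following is an added detection example (not part of this advisory or the SiteSEO project) that applies the same logic to constructed JSON-per-line events: it keeps admin-ajax.php calls with action=resolve_variables, counts them per user, and flags post_id values outside each user's editable set. The field names, the sample events and the USER_EDITABLE_POSTS mapping are assumptions.

```python
import json
from collections import defaultdict

# Constructed sample events (not real traffic), one JSON record per line, in the
# field shape the SIEM query assumes: uri_path, post_data.action,
# post_data.post_id, plus the WordPress user_id behind the session.
SAMPLE_LOG = """
{"user_id": 7, "uri_path": "/wp-admin/admin-ajax.php", "post_data": {"action": "resolve_variables", "post_id": 101}}
{"user_id": 7, "uri_path": "/wp-admin/admin-ajax.php", "post_data": {"action": "resolve_variables", "post_id": 5012}}
{"user_id": 7, "uri_path": "/wp-admin/admin-ajax.php", "post_data": {"action": "resolve_variables", "post_id": 5013}}
{"user_id": 7, "uri_path": "/wp-admin/admin-ajax.php", "post_data": {"action": "resolve_variables", "post_id": 5014}}
{"user_id": 3, "uri_path": "/wp-admin/admin-ajax.php", "post_data": {"action": "resolve_variables", "post_id": 42}}
{"user_id": 3, "uri_path": "/wp-admin/admin-ajax.php", "post_data": {"action": "heartbeat"}}
"""

# Constructed mapping user_id -> post IDs the user may legitimately edit
# (assumption; in production derive it from post_author / current_user_can).
USER_EDITABLE_POSTS = {7: {101, 102}, 3: {42}}

def parse_events(raw):
    # Parse JSON-per-line records, skipping blank lines.
    return [json.loads(line) for line in raw.splitlines() if line.strip()]

def resolve_variables_calls(events):
    # Keep only admin-ajax.php calls whose action is resolve_variables.
    return [
        e for e in events
        if e.get("uri_path") == "/wp-admin/admin-ajax.php"
        and e.get("post_data", {}).get("action") == "resolve_variables"
    ]

def find_suspicious(events, editable, min_out_of_scope=1, burst_threshold=3):
    # Returns {user_id: {"total": n, "out_of_scope": [post_ids]}} for users who
    # read posts outside their scope or who issue a burst of calls.
    per_user = defaultdict(lambda: {"total": 0, "out_of_scope": []})
    for e in resolve_variables_calls(events):
        uid = e.get("user_id")
        post_id = e["post_data"].get("post_id")
        stats = per_user[uid]
        stats["total"] += 1
        if post_id is not None and post_id not in editable.get(uid, set()):
            stats["out_of_scope"].append(post_id)
    return {
        uid: s for uid, s in per_user.items()
        if len(s["out_of_scope"]) >= min_out_of_scope or s["total"] >= burst_threshold
    }

if __name__ == "__main__":
    for uid, s in sorted(find_suspicious(parse_events(SAMPLE_LOG), USER_EDITABLE_POSTS).items()):
        print(f"user {uid}: {s['total']} calls, out-of-scope post_ids {s['out_of_scope']}")
```

On the sample data only user 7 is flagged (four calls, three of them to posts outside its editable set); user 3 reads only its own post and is not reported.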
🔗 References
- https://plugins.trac.wordpress.org/browser/siteseo/trunk/main/admin.php#L106
- https://plugins.trac.wordpress.org/browser/siteseo/trunk/main/ajax.php#L542
- https://plugins.trac.wordpress.org/browser/siteseo/trunk/main/titlesmetas.php#L494
- https://plugins.trac.wordpress.org/changeset/3397272/siteseo/trunk?contextall=1&old=3387094&old_path=%2Fsiteseo%2Ftrunk
- https://www.wordfence.com/threat-intel/vulnerabilities/id/4d740ba8-4877-4b27-a1cb-26095f851ea6?source=cve