Skip to main content

Maio 8211 The New Ai Geo Seo Tool CVE-2026-39697

| EUVDEUVD-2026-20394 MEDIUM
Missing Authorization (CWE-862)
2026-04-08 Patchstack GHSA-x7j8-vvpf-q2cr
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

4
Analysis Generated
Apr 15, 2026 - 12:44 vuln.today
CVSS changed
Apr 13, 2026 - 19:37 NVD
5.3 (MEDIUM)
EUVD ID Assigned
Apr 08, 2026 - 08:45 euvd
EUVD-2026-20394
CVE Published
Apr 08, 2026 - 08:30 nvd
N/A

DescriptionCVE.org

Missing Authorization vulnerability in HBSS Technologies MAIO &#8211; The new AI GEO / SEO tool maio-the-new-ai-geo-seo-tool allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MAIO &#8211; The new AI GEO / SEO tool: from n/a through <= 6.2.8.

AnalysisAI

Missing authorization in HBSS Technologies MAIO (AI GEO/SEO tool) WordPress plugin versions up to 6.2.8 allows unauthenticated remote attackers to modify data through incorrectly configured access control, resulting in integrity compromise without authentication requirements. The CVSS score of 5.3 reflects moderate risk with network-based attack vector and no user interaction needed, though EPSS exploitation probability remains very low at 0.02%.

Technical ContextAI

MAIO is a WordPress plugin (CPE: cpe:2.3:a:hbss_technologies:maio_-_the_new_ai_geo_/_seo_tool) that provides AI-powered geographic and SEO optimization features. The vulnerability stems from CWE-862 (Missing Authorization), which indicates the plugin fails to implement proper access control checks on sensitive operations. WordPress plugins inherently operate within the WordPress REST API and admin action handler framework; this vulnerability likely exploits inadequate capability checks (e.g., missing current_user_can() validation) on plugin endpoints or admin actions, allowing unauthenticated or lower-privileged users to invoke functions intended for administrators. The improper access control suggests the plugin exposes administrative or data-modification functionality without verifying user permissions at the application logic layer.

RemediationAI

Update MAIO - The new AI GEO / SEO tool to a version later than 6.2.8 (specific patched version number not independently confirmed in available data). WordPress administrators should navigate to Plugins > Installed Plugins, locate MAIO, and click Update if a newer version is available. For manual remediation pending patch availability, disable the MAIO plugin in WordPress and verify that no unauthenticated users or lower-privileged accounts have gained access to plugin features or data. Consult the Patchstack advisory (https://patchstack.com/database/Wordpress/Plugin/maio-the-new-ai-geo-seo-tool/vulnerability/wordpress-maio-the-new-ai-geo-seo-tool-plugin-6-2-8-broken-access-control-vulnerability?_s_id=cve) for detailed patch release information and the NVD entry (https://nvd.nist.gov/vuln/detail/CVE-2026-39697) for vendor-coordinated disclosure timeline.

Share

CVE-2026-39697 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy