Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Lifecycle Timeline
3DescriptionCVE.org
Missing Authorization vulnerability in سید محمدامین هاشمی GZSEO gzseo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GZSEO: from n/a through <= 2.0.14.
AnalysisAI
GZSEO through version 2.0.14 contains an authorization bypass that allows unauthenticated remote attackers to modify data or cause service disruption through improperly configured access controls. The vulnerability enables attackers to exploit weakened security levels without requiring valid credentials or user interaction. No patch is currently available for this vulnerability.
Technical ContextAI
The vulnerability is a broken access control issue (CWE-862: Missing Authorization) in the GZSEO WordPress plugin, as identified via CPE cpe:2.3:a:سید_محمدامین_هاشمی:gzseo:*:*:*:*:*:*:*:*. GZSEO is a WordPress plugin for SEO optimization, and the vulnerability stems from insufficient authorization checks on security-sensitive functions or API endpoints. The plugin fails to properly validate user roles and capabilities before allowing access to restricted features, permitting authenticated or unauthenticated attackers to bypass access controls and interact with protected administrative or data-manipulation functions.
RemediationAI
Upgrade the GZSEO plugin to a version after 2.0.14 immediately to obtain the access control fixes. Site administrators should navigate to their WordPress plugin management dashboard, locate GZSEO, and update to the latest available version. If immediate patching is not possible, site administrators should consider temporarily disabling the GZSEO plugin and relying on alternative SEO solutions until a patch can be applied. Additionally, enforce strict user role and capability restrictions within WordPress, limiting administrative access to trusted personnel only, and monitor plugin activity logs for any suspicious access patterns that may indicate exploitation attempts.
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-15727
GHSA-g9vx-ghxj-8mhw