CVE-2024-12252

CRITICAL 9.8

SEO LAT Auto Post <= 2.2.1 - Missing Authorization to File Overwrite/Upload (Remote Code Execution)

CVSS Score

9.8

EPSS Score

0.0%

EPSS Percentile

0th

The SEO LAT Auto Post plugin for WordPress is vulnerable to file overwrite due to a missing capability check on the remote_update AJAX action in all versions up to, and including, 2.2.1. This makes it possible for unauthenticated attackers to overwrite the seo-beginner-auto-post.php file which can be leveraged to achieve remote code execution.

CWE	CWE-94
Vendor	seobeginner
Product	seo lat auto post
Published	Jan 7, 2025
Last Updated	Apr 8, 2026

Stay Ahead of the Next One

Get instant alerts for seobeginner seo lat auto post

Be the first to know when new critical vulnerabilities affecting seobeginner seo lat auto post are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

seobeginner / SEO LAT Auto Post

0 ≤ 2.2.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/67df10cc-ce3c-4157-9860-7e367062f710?source=cve wordpress.org: https://wordpress.org/plugins/seo-beginner-auto-post/

Credits

Lucio Sá