SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer < 3.10.3 – Missing Authorization | CVE 2024-3287 | Plugin Vulnerabilities

Description

The SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer plugin for WordPress is vulnerable to unauthorized ld+json description injection due to a missing capability check on the save_settings function in all versions up to, and including, 3.10.2. This makes it possible for unauthenticated attackers to save schema types.

Affects Plugins

Fixed in 3.10.3

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/9a77672b-340e-4f10-abe7-461c2db537b8

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

Krzysztof Zając

Verified

No

WPVDB ID

84e9f144-f250-4aea-a2cd-a1a3b626ae00

Timeline

Publicly Published

2024-04-19 (about 2 years ago)

Added

2024-04-19 (about 2 years ago)

Last Updated

2024-04-19 (about 2 years ago)

Other

Published

Title

Published

2026-01-22

Title

Membership <= 1.6.4 - Missing Authorization

Published

2024-04-16

Title

Ovic Responsive WPBakery <= 1.3.0 - Missing Authorization

Published

2023-11-07

Title

Visitors Traffic Real Time Statistics < 7.3 - Missing Authorization via multiple AJAX actions

Published

2025-12-20

Title

Time Slots Booking Form < 1.2.40 - Missing Authorization

Published

2023-07-05

Title

BadgeOS <= 3.7.1.6 - Missing Authorization in delete_badgeos_log_entries