CVE-2025-14386

High

Published: 28 January 2026

Published

28 January 2026

Modified

15 April 2026

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0014 34.2th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Description

The Search Atlas SEO – Premier SEO Plugin for One-Click WP Publishing & Integrated AI Optimization plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the 'generate_sso_url' and 'validate_sso_token' functions in versions 2.4.4 to…

2.5.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract the 'nonce_token' authentication value to log in to the first Administrator's account.

Mitigating Controls (NIST 800-53 r5)AI

AC-3 Access Enforcement good match

prevent

Enforces approved authorizations for logical access to information and system resources, directly addressing the missing capability checks in the plugin's generate_sso_url and validate_sso_token functions.

AC-6 Least Privilege good match

prevent

Employs least privilege to restrict Subscriber-level users from performing unauthorized actions like extracting admin nonce_tokens for privilege escalation.

SI-2 Flaw Remediation good match

preventrecover

Requires timely identification, reporting, and correction of flaws such as the authentication bypass due to missing authorization in the vulnerable plugin versions.

Security SummaryAI

CVE-2025-14386 is an authentication bypass vulnerability in the Search Atlas SEO – Premier SEO Plugin for One-Click WP Publishing & Integrated AI Optimization for WordPress, affecting versions 2.4.4 through 2.5.12. The issue arises from a missing capability check in the 'generate_sso_url' and 'validate_sso_token' functions within the plugin's admin component, classified as CWE-862 (Missing Authorization). It carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact.

Authenticated attackers with Subscriber-level access or higher can exploit this vulnerability over the network with low complexity and no user interaction required. By leveraging the unprotected functions, they can extract the 'nonce_token' authentication value, enabling them to log in directly to the site's first Administrator account and gain elevated privileges.

Advisories reference specific vulnerable code locations in the plugin's Trac repository, including lines 1042, 1141, and 851 in admin/class-metasync-admin.php for version 2.5.12, along with a Wordfence threat intelligence report detailing the issue (ID: 6f63d2c4-cbae-4177-8494-daca96449ecc).

Details

CWE(s): CWE-862

AI Security AnalysisAI

AI Category: Other AI Platforms
Risk Domain: N/A
OWASP Top 10 for LLMs 2025: None mapped
MITRE ATLAS Techniques: None mapped
Classification Reason: Matched keywords: ai

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

Why these techniques?

The vulnerability is an authentication bypass due to missing capability checks, allowing low-privileged (Subscriber) authenticated users to extract an admin authentication token and gain administrator access, directly enabling exploitation for privilege escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://plugins.trac.wordpress.org/browser/metasync/tags/2.5.12/admin/class-metasync-admin.php#L1042
security@wordfence.com
https://plugins.trac.wordpress.org/browser/metasync/tags/2.5.12/admin/class-metasync-admin.php#L1141
security@wordfence.com
https://plugins.trac.wordpress.org/browser/metasync/tags/2.5.12/admin/class-metasync-admin.php#L851
security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/6f63d2c4-cbae-4177-8494-daca96449ecc?source=cve
security@wordfence.com