CVE-2025-12958

LOW2.7

Rankology SEO and Analytics Tool <= 2.0 - Incorrect Authorization to Authenticated (Editor+) Header & Footer Code Creation

Published Jan 7, 2026

Modified 1 weeks ago

No fix available

Details

The Rankology SEO and Analytics Tool plugin for WordPress is vulnerable to unauthorized modification of data due to an incorrect capability check on the 'rankology_code_block' page in all versions up to, and including, 2.0. This makes it possible for authenticated attackers, with Editor-level access and above, to add header and footer code blocks.

References

WEBhttps://wordpress.org/plugins/rankology-seo-and-analytics-tool/ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2025-12958 WEBhttps://www.wordfence.com/threat-intel/vulnerabilities/id/c97a341c-23f5-49a9-ad05-1fb387047e3b?source=cve

CVSS Analysis

CVSS v3.1

2.7

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Privileges Required

HighPR:H

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

NoneC:N

Integrity

LowI:L

Availability

NoneA:N

2.7/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

Weakness Type (CWE)

Other

CWE-285

Ecosystems

Timeline

PublishedJan 7, 2026

ModifiedJan 7, 2026