Which SEO Plugin by Squirrly SEO CVEs are tracked?

SEO Plugin by Squirrly SEO tracked CVEs include CVE-2024-6497, CVE-2022-38140, CVE-2025-22783, CVE-2025-1768, and CVE-2022-44626.

How many SEO Plugin by Squirrly SEO vulnerabilities have patch guidance?

14 of 14 tracked SEO Plugin by Squirrly SEO records include a published patch path.

Where should operators start on this Plugin hub?

Start with the priority CVE quick links, then open the full report for affected versions, remediation notes, CVSS vectors, and source references.

Plugin Vulnerability Hub

Plugin 14 known issues Latest disclosed Feb 18, 2026

SEO Plugin by Squirrly SEO Vulnerabilities

Review known vulnerability records for the WordPress plugin SEO Plugin by Squirrly SEO (`squirrly-seo`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2025-14342, CVE-2025-22783 and CVE-2025-1768, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed

Known Records

High or Critical

Patch Coverage

100%

Last Updated

Feb 19, 2026

Priority CVE Quick Links

Fast paths into SEO Plugin by Squirrly SEO CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs

CVE-2024-6497 High 12.3.20

CVE-2024-6497 SEO Plugin by Squirrly SEO SQL Injection

SEO Plugin by Squirrly SEO <= 12.3.19 - Authenticated (Contributor+) SQL Injection via url Parameter

CVE-2022-38140 High 12.1.11

CVE-2022-38140 SEO Plugin by Squirrly SEO Remote Code Execution

SEO Plugin by Squirrly SEO <= 12.1.10 - Authenticated (Contributor+) Arbitrary File Upload

CVE-2025-22783 Medium 12.4.06

CVE-2025-22783 SEO Plugin by Squirrly SEO SQL Injection

SEO Plugin by Squirrly SEO <= 12.4.03 - Authenticated (Contributor+) SQL Injection

CVE-2025-1768 Medium 12.4.06

CVE-2025-1768 SEO Plugin by Squirrly SEO SQL Injection

SEO Plugin by Squirrly SEO <= 12.4.05 - Authenticated (Subscriber+) SQL Injection via search Parameter

CVE-2022-44626 Medium 12.1.21

CVE-2022-44626 SEO Plugin by Squirrly SEO Vulnerability

SEO Plugin by Squirrly SEO <= 12.1.20 - Missing Authorization

CVE-2024-29790 Medium 12.3.17

CVE-2024-29790 SEO Plugin by Squirrly SEO Cross-Site Scripting

SEO Plugin by Squirrly SEO <= 12.3.16 - Reflected Cross-Site Scripting

CVE-2022-45065 Medium 12.1.21

CVE-2022-45065 SEO Plugin by Squirrly SEO Cross-Site Scripting

SEO Plugin by Squirrly SEO <= 12.1.20 - Reflected Cross-Site Scripting via 'page' and 'tab'

CVE-2021-25019 Medium 11.1.12

CVE-2021-25019 SEO Plugin by Squirrly SEO Cross-Site Scripting

SEO Plugin by Squirrly SEO <= 11.1.11 - Reflected Cross-Site Scripting

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for SEO Plugin by Squirrly SEO so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility

14 records include a published patch path, leaving 0 with no listed safe release yet.

Severity Mix

0 critical and 4 high severity findings.

Recent CVEs

CVE-2025-14342, CVE-2025-22783 and CVE-2025-1768

Reference Workflow

Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.

Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

CVE-2025-14342 Medium Patch path listed

CVE-2025-14342: SEO Plugin by Squirrly SEO <= 12.4.14 - Missing Authorization to Authenticated (Subscriber+) Cloud Service Disconnection

The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sq_ajax_uninstall function in all versions up...

Published

Feb 18, 2026

Patch Status

12.4.15

Open CVE-2025-14342 Report

CVE-2025-22783 Medium Patch path listed

CVE-2025-22783: SEO Plugin by Squirrly SEO <= 12.4.03 - Authenticated (Contributor+) SQL Injection

The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 12.4.03 due to insufficient escaping on the user supplied parameter and l...

Published

Mar 27, 2025

Patch Status

12.4.06

Open CVE-2025-22783 Report

CVE-2025-1768 Medium Patch path listed

CVE-2025-1768: SEO Plugin by Squirrly SEO <= 12.4.05 - Authenticated (Subscriber+) SQL Injection via search Parameter

The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to blind SQL Injection via the 'search' parameter in all versions up to, and including, 12.4.05 due to insufficient escaping...

Published

Mar 06, 2025

Patch Status

12.4.06

Open CVE-2025-1768 Report

Known Vulnerabilities

Reports for SEO Plugin by Squirrly SEO

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2025-14342

CVE-2025-14342: SEO Plugin by Squirrly SEO <= 12.4.14 - Missing Authorization to Authenticated (Subscriber+) Cloud Service Disconnection

The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sq_ajax_uninstall function in all versions up to, and including, 12.4.14. This makes it possible for authenticated attackers, with Subsc...

Published

Feb 18, 2026

Patched Release

12.4.15

Affected Versions

Versions up to 12.4.14

Next Step

Update to 12.4.15 or newer if supported.

Open CVE-2025-14342 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2025-22783

CVE-2025-22783: SEO Plugin by Squirrly SEO <= 12.4.03 - Authenticated (Contributor+) SQL Injection

The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 12.4.03 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authen...

Published

Mar 27, 2025

Patched Release

12.4.06

Affected Versions

Versions up to 12.4.03

Next Step

Update to 12.4.06 or newer if supported.

Open CVE-2025-22783 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2025-1768

CVE-2025-1768: SEO Plugin by Squirrly SEO <= 12.4.05 - Authenticated (Subscriber+) SQL Injection via search Parameter

The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to blind SQL Injection via the 'search' parameter in all versions up to, and including, 12.4.05 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL que...

Published

Mar 06, 2025

Patched Release

12.4.06

Affected Versions

Versions up to 12.4.05

Next Step

Update to 12.4.06 or newer if supported.

Open CVE-2025-1768 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2025-24654

CVE-2025-24654: SEO Plugin by Squirrly SEO <= 12.4.07 - Missing Authorization

The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 12.4.07. This makes it possible for authenticated attackers, with Contributor-level access and above, to...

Published

Mar 03, 2025

Patched Release

12.4.08

Affected Versions

Versions up to 12.4.07

Next Step

Update to 12.4.08 or newer if supported.

Open CVE-2025-24654 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-10515

CVE-2024-10515: SEO Plugin by Squirrly SEO <= 12.3.20 - Authenticated (Editor+) Stored Cross-Site Scripting

The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 12.3.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with e...

Published

Oct 30, 2024

Patched Release

12.3.21

Affected Versions

Versions up to 12.3.20

Next Step

Update to 12.3.21 or newer if supported.

Open CVE-2024-10515 Report Open CVE Reference

Plugin High Patched: Yes CVE-2024-6497

CVE-2024-6497: SEO Plugin by Squirrly SEO <= 12.3.19 - Authenticated (Contributor+) SQL Injection via url Parameter

The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 12.3.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, w...

Published

Jul 19, 2024

Patched Release

12.3.20

Affected Versions

Versions up to 12.3.19

Next Step

Update to 12.3.20 or newer if supported.

Open CVE-2024-6497 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-29790

CVE-2024-29790: SEO Plugin by Squirrly SEO <= 12.3.16 - Reflected Cross-Site Scripting

The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 12.3.16 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web s...

Published

Mar 25, 2024

Patched Release

12.3.17

Affected Versions

Versions up to 12.3.16

Next Step

Update to 12.3.17 or newer if supported.

Open CVE-2024-29790 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-0597

CVE-2024-0597: SEO Plugin by Squirrly SEO <= 12.3.15 - Authenticated(Administrator+) Stored Cross-Site Scripting via plugin settings

The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to and including 12.3.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with adm...

Published

Jan 29, 2024

Patched Release

12.3.16

Affected Versions

Versions up to 12.3.15

Next Step

Update to 12.3.16 or newer if supported.

Open CVE-2024-0597 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2022-44626

CVE-2022-44626: SEO Plugin by Squirrly SEO <= 12.1.20 - Missing Authorization

The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to unauthorized access/modification or loss of data due to a missing capability check on AJAX action handlers in versions up to, and including, 12.1.20. This makes it possible for authenticated attackers with subsc...

Published

Mar 17, 2023

Patched Release

12.1.21

Affected Versions

Versions up to 12.1.20

Next Step

Update to 12.1.21 or newer if supported.

Open CVE-2022-44626 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2022-45065

CVE-2022-45065: SEO Plugin by Squirrly SEO <= 12.1.20 - Reflected Cross-Site Scripting via 'page' and 'tab'

The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' and 'tab' parameters in versions up to, and including, 12.1.20 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

Published

Mar 17, 2023

Patched Release

12.1.21

Affected Versions

Versions up to 12.1.20

Next Step

Update to 12.1.21 or newer if supported.

Open CVE-2022-45065 Report Open CVE Reference

Plugin High Patched: Yes CVE-2022-38140

CVE-2022-38140: SEO Plugin by Squirrly SEO <= 12.1.10 - Authenticated (Contributor+) Arbitrary File Upload

The SEO Plugin by Squirrly SEO for WordPress is vulnerable to arbitrary file uploads in versions up to, and including, 12.1.10. This makes it possible for authenticated attackers, with contributor level permissions and above, to upload arbitrary files on the affected sites server...

Published

Oct 25, 2022

Patched Release

12.1.11

Affected Versions

Versions up to 12.1.10

Next Step

Update to 12.1.11 or newer if supported.

Open CVE-2022-38140 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2021-25019

CVE-2021-25019: SEO Plugin by Squirrly SEO <= 11.1.11 - Reflected Cross-Site Scripting

The SEO Plugin by Squirrly SEO WordPress plugin before 11.1.12 does not escape the type parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting

Published

Feb 28, 2022

Patched Release

11.1.12

Affected Versions

Versions before 11.1.12

Next Step

Update to 11.1.12 or newer if supported.

Open CVE-2021-25019 Report Open CVE Reference