Cyber Resilience

CVE-2025-14386

High

Published: 28 January 2026

Published
28 January 2026
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0037 28.9th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2025-14386 is a high-severity Missing Authorization (CWE-862) vulnerability in Wordpress (inferred from references). Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 28.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related — categorised as Other Platforms; in the Not Applicable risk domain.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

CVE-2025-14386 is an authentication bypass vulnerability in the Search Atlas SEO – Premier SEO Plugin for One-Click WP Publishing & Integrated AI Optimization for WordPress, affecting versions 2.4.4 through 2.5.12. The issue arises from a missing capability check in the 'generate_sso_url' and 'validate_sso_token' functions within the plugin's admin component, classified as CWE-862 (Missing Authorization). It carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact.

Authenticated attackers with Subscriber-level access or higher can exploit this vulnerability over the network with low complexity and no user interaction required. By leveraging the unprotected functions, they can extract the 'nonce_token' authentication value, enabling them to log in directly to the site's first Administrator account and gain elevated privileges.

Advisories reference specific vulnerable code locations in the plugin's Trac repository, including lines 1042, 1141, and 851 in admin/class-metasync-admin.php for version 2.5.12, along with a Wordfence threat intelligence report detailing the issue (ID: 6f63d2c4-cbae-4177-8494-daca96449ecc).

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

The Search Atlas SEO – Premier SEO Plugin for One-Click WP Publishing & Integrated AI Optimization plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the 'generate_sso_url' and 'validate_sso_token' functions in versions 2.4.4 to…

more

2.5.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract the 'nonce_token' authentication value to log in to the first Administrator's account.

CWE(s)

AI Security AnalysisAI

AI Category
Other Platforms
Risk Domain
Not Applicable
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: ai

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

The vulnerability is an authentication bypass due to missing capability checks, allowing low-privileged (Subscriber) authenticated users to extract an admin authentication token and gain administrator access, directly enabling exploitation for privilege escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-49747Shared CWE-862
CVE-2026-32658Shared CWE-862
CVE-2026-6506Shared CWE-862
CVE-2025-48574Shared CWE-862
CVE-2025-21396Shared CWE-862
CVE-2021-47701Shared CWE-862
CVE-2026-40349Shared CWE-862
CVE-2024-57726Shared CWE-862
CVE-2025-7665Shared CWE-862
CVE-2024-11936Shared CWE-862

Affected Assets

Wordpress
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Enforces approved authorizations for logical access to information and system resources, directly addressing the missing capability checks in the plugin's generate_sso_url and validate_sso_token functions.

prevent

Employs least privilege to restrict Subscriber-level users from performing unauthorized actions like extracting admin nonce_tokens for privilege escalation.

preventrecover

Requires timely identification, reporting, and correction of flaws such as the authentication bypass due to missing authorization in the vulnerable plugin versions.

References