Does SEO Booster have any unpatched vulnerabilities?

Yes — SEO Booster currently has 1 unpatched vulnerability. We recommend switching to an alternative or applying any available workarounds.

Is SEO Booster compatible with WordPress 6.7.5?

According to WordPress.org data, SEO Booster 6.1.8 has been tested up to WordPress 6.7.5. Check the plugin's changelog for the latest compatibility information.

Is SEO Booster compatible with PHP 7.4+?

SEO Booster requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is SEO Booster updated?

SEO Booster was last updated on Feb 8, 2025. Frequent updates are generally a positive security signal.

What is SEO Booster's security score?

SEO Booster has a WP-Safety security score of 63/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

SEO Booster Security Review — Score 63/100 (use caution)

Safety Verdict

Is SEO Booster Safe to Use in 2026?

Use With Caution

Score 63/100

SEO Booster has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

3 known CVEs 1 unpatched Last CVE: Jan 19, 2026Updated 1yr ago

Risk Assessment

The "seo-booster" v6.1.8 plugin exhibits a mixed security posture. While it demonstrates good practices in utilizing prepared statements for SQL queries and proper output escaping, significant concerns arise from its attack surface and past vulnerability history. The presence of unprotected AJAX handlers and REST API routes presents direct entry points for attackers. The taint analysis revealing a high severity flow with unsanitized paths is a critical red flag, indicating potential for serious security breaches like command injection or path traversal if exploited.

The plugin's vulnerability history, including a currently unpatched high-severity CVE and past issues with missing authorization, CSRF, and SQL injection, suggests a recurring pattern of security weaknesses. The late 2025 vulnerability date for the unpatched CVE is concerning and highlights a lack of timely patching. While the plugin has strengths in its SQL and output handling, the unprotected entry points and historical vulnerabilities, coupled with the identified high-severity taint flow, elevate the overall risk profile.

Key Concerns

Unprotected AJAX handlers (4)
Unprotected REST API routes (1)
High severity unsanitized taint flow
Currently unpatched high severity CVE
Bundled Freemius v1.0 (potentially outdated)
2 flows with unsanitized paths

Vulnerabilities

3

SEO Booster Security Vulnerabilities

CVEs by Year

1 CVE in 2021

2021

1 CVE in 2024

2024

1 CVE in 2026 · unpatched

2026

Patched Has unpatched

Severity Breakdown

High

1

Medium

2

3 total CVEs

CVE-2025-68019medium · 5.3Missing Authorization

SEO Booster <= 6.1.8 - Missing Authorization

Jan 19, 2026Unpatched

CVE-2024-32438medium · 4.3Cross-Site Request Forgery (CSRF)

SEO Booster <= 3.8.9 - Cross-Site Request Forgery

Apr 12, 2024 Patched in 3.8.10 (6d)

CVE-2021-24747high · 7.2Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

SEO Booster <= 3.7 - Admin+ SQL Injection

Nov 15, 2021 Patched in 3.8 (799d)

Code Analysis

Analyzed Mar 16, 2026

SEO Booster Code Analysis

Dangerous Functions

0

Raw SQL Queries

20

137 prepared

Unescaped Output

60

397 escaped

Nonce Checks

31

Capability Checks

40

File Operations

2

External Requests

7

Bundled Libraries

1

Bundled Libraries

Freemius1.0

SQL Query Safety

87% prepared157 total queries

Output Escaping

87% escaped457 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

24 flows2 with unsanitized paths

display_refresh_link (inc\Google_API.php:1608)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

5 unprotected

SEO Booster Attack Surface

Entry Points14

Unprotected5

AJAX Handlers 13

authwp_ajax_sb_get_report_tableinc\Reports.php:43

authwp_ajax_sb_check_cache_statusinc\Reports.php:44

authwp_ajax_sb_update_keywordinc\SB_Autolink_Ajax.php:10

authwp_ajax_sb_gsc_get_keywordsinc\SB_GSC_Ajax.php:10

authwp_ajax_sb_adminbar_get_keywordsinc\SB_GSC_Ajax.php:11

authwp_ajax_sb_gsc_delete_transientsinc\SB_GSC_Metaboxes.php:32

authwp_ajax_sb_gsc_import_dataseo-booster.php:137

authwp_ajax_sb_log_tableseo-booster.php:138

authwp_ajax_sb_gsc_tableseo-booster.php:139

authwp_ajax_weeklyemailsignupseo-booster.php:140

authwp_ajax_fetch_chart_dataseo-booster.php:151

authwp_ajax_seobooster_gsc_make_auto_linkseo-booster.php:152

authwp_ajax_ajax_add_keywordseo-booster.php:170

REST API Routes 1

GET/wp-json/seo-booster/v1/keywordsinc\REST\KeywordController.php:6

WordPress Hooks 41

actionseobooster_cache_cleanupinc\CacheManager.php:42

actionadd_meta_boxesinc\SB_GSC_Metaboxes.php:31

actionsb_gsc_process_keywords_batchinc\SB_GSC_Processor.php:13

actionsb_gsc_schedule_all_pagesinc\SB_GSC_Processor.php:14

actionsb_gsc_analyze_post_keywordsinc\SB_GSC_Processor.php:15

filterhandle_gdpr_admin_noticeseo-booster.php:96

actionafter_uninstallseo-booster.php:97

actioninitseo-booster.php:136

actionwp_headseo-booster.php:141

actionadd_meta_boxesseo-booster.php:142

filterpermission_listseo-booster.php:145

actionseobooster_email_updateseo-booster.php:147

actionadmin_noticesseo-booster.php:148

actionadmin_initseo-booster.php:149

actionseobooster_gsc_data_fetchseo-booster.php:150

actionseobooster_dailymaintenanceseo-booster.php:153

actionadmin_initseo-booster.php:154

actionadmin_initseo-booster.php:155

actionadmin_initseo-booster.php:156

actioninitseo-booster.php:157

actionplugins_loadedseo-booster.php:158

actionwpseo-booster.php:159

filterthe_contentseo-booster.php:160

filterthe_excerptseo-booster.php:161

actiontemplate_redirectseo-booster.php:162

actionsave_postseo-booster.php:164

actionwp_dashboard_setupseo-booster.php:165

actionadmin_menuseo-booster.php:166

actionadmin_enqueue_scriptsseo-booster.php:167

actionadmin_enqueue_scriptsseo-booster.php:168

actioninitseo-booster.php:169

actionwpmu_drop_tablesseo-booster.php:173

filterplugin_action_linksseo-booster.php:176

actionadmin_footerseo-booster.php:184

filterfl_builder_ui_bar_buttonsseo-booster.php:185

actionadmin_bar_menuseo-booster.php:186

actionadmin_enqueue_scriptsseo-booster.php:187

actionwp_enqueue_scriptsseo-booster.php:188

actioninitseo-booster.php:190

actioninitseo-booster.php:191

filterpermission_listseo-booster.php:1366

Scheduled Events 6

seobooster_cache_cleanup

sb_gsc_schedule_all_pages

seobooster_email_update

seobooster_gsc_data_fetch

seobooster_dailymaintenance

seobooster_email_update

Maintenance & Trust

SEO Booster Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5

Last updatedFeb 8, 2025

PHP min version7.4

Downloads198K

Community Trust

Rating96/100

Number of ratings54

Active installs1K

Alternatives

SEO Booster Alternatives

All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic

all-in-one-seo-pack

B

82

AIOSEO is the most powerful WordPress SEO plugin. Improve SEO rankings and traffic with comprehensive SEO tools and smart AI SEO optimizations!

3.0M 26 CVEs

$Rank Math SEO – AI SEO Tools to Dominate SEO Rankings$

Rank Math SEO – AI SEO Tools to Dominate SEO Rankings

seo-by-rank-math

A

86

Rank Math SEO is the best WordPress SEO plugin with the features of many SEO and AI SEO tools in a single package to help multiply your SEO traffic.

3.0M 20 CVEs

SureRank SEO – Smart Assistant with Meta Tags, Social Preview, XML Sitemap, and Schema

surerank

A

97

SureRank – SEO Assistant with Meta Tags, Social Preview, XML Sitemap, and Schema

300K 1 CVE

SEOPress – On-site SEO & Analytics

wp-seopress

A

94

SEOPress, a simple, fast and powerful all in one SEO plugin for WordPress. Rank higher in search engines, fully white label. Now with AI.

300K 14 CVEs

SEO Plugin by Squirrly SEO

squirrly-seo

A

88

Rank without begging Google. AI-powered SEO that actually helps you win. Trusted by rebels, creators, and pros in 150+ countries.

40K 14 CVEs

Developer Profile

SEO Booster Developer Profile

cleverplugins

3 plugins · 17K total installs

66

trust score

Avg Security Score

82/100

Avg Patch Time

269 days

View full developer profile

Detection Fingerprints

How We Detect SEO Booster

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/seo-booster/assets/css/main.css/wp-content/plugins/seo-booster/assets/js/seo-booster.js

Script Paths

/wp-content/plugins/seo-booster/assets/js/seo-booster.js

Version Parameters

seo-booster/assets/css/main.css?ver=seo-booster/assets/js/seo-booster.js?ver=

HTML / DOM Fingerprints

CSS Classes

sb-gsc-tablesbp-settings-page

Data Attributes

data-sb-gsc-table-id

JS Globals

SB_SEO_BOOSTER_AJAX_URL

REST Endpoints

/wp-json/seobooster/v1/settings

FAQ

SEO Booster Security & Risk Analysis

Is SEO Booster Safe to Use in 2026?

Use With Caution

Key Concerns

SEO Booster Security Vulnerabilities

CVEs by Year

Severity Breakdown

SEO Booster Code Analysis

Bundled Libraries

SQL Query Safety

Output Escaping

Data Flow Analysis

SEO Booster Attack Surface

AJAX Handlers 13

REST API Routes 1

Scheduled Events 6

SEO Booster Maintenance & Trust

Maintenance Signals

Community Trust

SEO Booster Alternatives

All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic

Rank Math SEO – AI SEO Tools to Dominate SEO Rankings

SureRank SEO – Smart Assistant with Meta Tags, Social Preview, XML Sitemap, and Schema

SEOPress – On-site SEO & Analytics

SEO Plugin by Squirrly SEO

SEO Booster Developer Profile

How We Detect SEO Booster

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about SEO Booster