Does SiteSEO – SEO Simplified have any unpatched vulnerabilities?

No. All known vulnerabilities in SiteSEO – SEO Simplified have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is SiteSEO – SEO Simplified compatible with WordPress 6.9.4?

According to WordPress.org data, SiteSEO – SEO Simplified 1.3.6 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is SiteSEO – SEO Simplified compatible with PHP 7.2+?

SiteSEO – SEO Simplified requires PHP 7.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is SiteSEO – SEO Simplified updated?

SiteSEO – SEO Simplified was last updated on Feb 25, 2026. Frequent updates are generally a positive security signal.

What is SiteSEO – SEO Simplified's security score?

SiteSEO – SEO Simplified has a WP-Safety security score of 95/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

SiteSEO – SEO Simplified Security & Risk Analysis

wordpress.org/plugins/siteseo

SiteSEO is an easy, fast and powerful SEO plugin for WordPress. Unlock your Website's potential and Maximize your online visibility with our SiteSEO!

500K active installs v1.3.6 PHP 7.2+ WP 5.0+ Updated Feb 25, 2026

meta-descriptionschemaseoxml-sitemap

A · Safe

CVEs total4

Unpatched0

Last CVENov 18, 2025

Plugin page Download

Safety Verdict

Is SiteSEO – SEO Simplified Safe to Use in 2026?

Generally Safe

Score 95/100

SiteSEO – SEO Simplified has a strong security track record. Known vulnerabilities have been patched promptly.

4 known CVEsLast CVE: Nov 18, 2025Updated 1mo ago

Risk Assessment

The "siteseo" plugin v1.3.6 presents a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and performs a significant number of nonce and capability checks. The absence of critical or high severity taint flows and known unpatched vulnerabilities are also strengths. However, the plugin exhibits concerning weaknesses, primarily stemming from its attack surface. A substantial portion (19 out of 22) of its entry points, specifically AJAX handlers, lack proper authentication checks. This creates a significant risk of unauthorized actions being performed if an attacker can trigger these handlers. While taint analysis didn't reveal critical issues, the presence of unsanitized paths in flows is a red flag that could be exploited in conjunction with the unprotected entry points. The vulnerability history, while showing no currently unpatched issues, reveals a past pattern of medium severity vulnerabilities related to improper authorization and cross-site scripting, suggesting that these types of weaknesses have been present before. This, combined with the current lack of authentication on numerous AJAX handlers, indicates a potential for recurrence. In conclusion, while the plugin has made strides in secure coding practices like prepared statements, the exposed attack surface without adequate authorization is a serious concern that needs immediate attention.

Key Concerns

High number of unprotected AJAX handlers
Taint flows with unsanitized paths detected
Past medium severity vulnerabilities (4 total)

Vulnerabilities

SiteSEO – SEO Simplified Security Vulnerabilities

CVEs by Year

4 CVEs in 2025

2025

Patched Has unpatched

Severity Breakdown

Medium

4 total CVEs

CVE-2025-13085medium · 4.3Improper Authorization

SiteSEO – SEO Simplified <= 1.3.2 - Insecure Direct Object Reference to Sensitive Post Meta Disclosure

Nov 18, 2025 Patched in 1.3.3 (1d)

CVE-2025-12814medium · 5.3Improper Authorization

SiteSEO – SEO Simplified <= 1.3.2 - Improper Authorization to Authenticated Settings Reset

Nov 18, 2025 Patched in 1.3.3 (1d)

CVE-2025-12367medium · 4.3Improper Authorization

SiteSEO – SEO Simplified <= 1.3.1 - Missing Authorization to Authenticated (Author+) Plugin Settings Update

Oct 31, 2025 Patched in 1.3.2 (1d)

CVE-2025-9277medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

SiteSEO – SEO Simplified <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Broken Regex Expression

Aug 26, 2025 Patched in 1.2.8 (1d)

Code Analysis

Analyzed Mar 16, 2026

SiteSEO – SEO Simplified Code Analysis

Dangerous Functions

Raw SQL Queries

2 prepared

Unescaped Output

208

853 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared2 total queries

Output Escaping

80% escaped1061 total outputs

Data Flows

4 unsanitized

Data Flow Analysis

8 flows4 with unsanitized paths

handle_custom_redirect (main\googleanalytics.php:598)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

19 unprotected

SiteSEO – SEO Simplified Attack Surface

Entry Points22

Unprotected19

AJAX Handlers 19

authwp_ajax_siteseo_save_titles_meta_togglemain\ajax.php:17

authwp_ajax_siteseo_save_sitemap_togglemain\ajax.php:18

authwp_ajax_siteseo_save_indexing_togglemain\ajax.php:19

authwp_ajax_siteseo_save_advanced_togglemain\ajax.php:20

authwp_ajax_siteseo_save_social_togglemain\ajax.php:21

authwp_ajax_siteseo_save_analytics_togglemain\ajax.php:22

authwp_ajax_siteseo_generate_bing_api_keymain\ajax.php:23

authwp_ajax_siteseo_url_submitter_submitmain\ajax.php:24

authwp_ajax_siteseo_refresh_analysismain\ajax.php:25

authwp_ajax_siteseo_export_settingsmain\ajax.php:26

authwp_ajax_siteseo_import_settingsmain\ajax.php:27

authwp_ajax_siteseo_reset_settingsmain\ajax.php:28

authwp_ajax_siteseo_migrate_seomain\ajax.php:29

authwp_ajax_siteseo_dismiss_intromain\ajax.php:30

authwp_ajax_siteseo_save_universal_metaboxmain\ajax.php:31

authwp_ajax_siteseo_resolve_variablesmain\ajax.php:32

authwp_ajax_siteseo_clear_indexing_historymain\ajax.php:33

authwp_ajax_siteseo_close_update_noticemain\ajax.php:34

authwp_ajax_siteseo_save_onboarding_settingsmain\ajax.php:42

Shortcodes 3

[siteseo_html_sitemap] main\generatesitemap.php:26

[siteseo_toc] siteseo.php:95

[siteseo_html_sitemap] siteseo.php:106

WordPress Hooks 100

actionwp_footerfunctions.php:188

actionadmin_initmain\admin.php:17

actionadmin_noticesmain\admin.php:41

filtersoftaculous_plugin_update_noticemain\admin.php:42

actionadmin_menumain\admin.php:47

actionadmin_enqueue_scriptsmain\admin.php:51

actionadmin_enqueue_scriptsmain\admin.php:56

actionadd_meta_boxesmain\admin.php:57

actionadmin_enqueue_scriptsmain\admin.php:61

actionadmin_initmain\admin.php:62

filterplugin_action_linksmain\admin.php:65

filteradmin_footer_textmain\admin.php:68

actionadmin_enqueue_scriptsmain\admin.php:71

actionenqueue_block_editor_assetsmain\admin.php:72

filterblock_categories_allmain\admin.php:73

filteradmin_body_classmain\admin.php:74

actionadmin_bar_menumain\admin.php:76

actionadmin_bar_menumain\admin.php:77

actionadmin_enqueue_scriptsmain\admin.php:78

actionadmin_enqueue_scriptsmain\admin.php:79

actionenqueue_block_editor_assetsmain\admin.php:83

filtermanage_posts_columnsmain\admin.php:87

filtermanage_pages_columnsmain\admin.php:88

actionmanage_posts_custom_columnmain\admin.php:89

actionmanage_pages_custom_columnmain\admin.php:90

filtermanage_edit-post_sortable_columnsmain\admin.php:91

filtermanage_edit-page_sortable_columnsmain\admin.php:92

actionadmin_menumain\admin.php:93

actionwoocommerce_process_product_metamain\admin.php:94

actionsave_postmain\admin.php:95

actionsave_postmain\admin.php:96

filtercomment_form_default_fieldsmain\advanced.php:69

filterget_comment_author_linkmain\advanced.php:73

filterpost_classmain\advanced.php:77

filterthe_contentmain\advanced.php:81

actionedit_termmain\advanced.php:85

actioninitmain\advanced.php:89

actiontemplate_redirectmain\advanced.php:90

filterterm_linkmain\advanced.php:205

filterrequestmain\advanced.php:206

actioncreated_product_catmain\advanced.php:207

actiondelete_product_catmain\advanced.php:208

actionedited_product_catmain\advanced.php:209

actionparse_requestmain\advanced.php:210

filtersoftaculous_plugin_update_noticemain\ajax.php:38

filterquery_varsmain\generatesitemap.php:35

actionwp_headmain\googleanalytics.php:24

actionwp_headmain\googleanalytics.php:28

actionwp_footermain\googleanalytics.php:32

actionwp_footermain\googleanalytics.php:36

actionwp_footermain\googleanalytics.php:40

actionwp_headmain\googleanalytics.php:44

actionwp_body_openmain\googleanalytics.php:48

actionwp_footermain\googleanalytics.php:52

filterscript_loader_tagmain\googleanalytics.php:362

filterscript_loader_tagmain\googleanalytics.php:473

filterscript_loader_tagmain\googleanalytics.php:549

filterscript_loader_tagmain\googleanalytics.php:568

actiontemplate_redirectmain\imageseo.php:24

filtersanitize_file_namemain\imageseo.php:28

actionadd_attachmentmain\imageseo.php:36

actionadmin_menumain\settings\onboarding.php:73

actionadmin_initmain\settings\onboarding.php:74

actionadmin_footermain\settings\statistics.php:32

filterthe_contentmain\tableofcontent.php:26

actionplugins_loadedsiteseo.php:56

actioninitsiteseo.php:77

actioninitsiteseo.php:92

actioninitsiteseo.php:96

filterwp_sitemaps_enabledsiteseo.php:99

actioninitsiteseo.php:101

actiontemplate_redirectsiteseo.php:102

actiontemplate_redirectsiteseo.php:110

actioninitsiteseo.php:111

actiontemplate_redirectsiteseo.php:114

actiontransition_post_statussiteseo.php:117

actionwp_enqueue_scriptssiteseo.php:124

actionenqueue_block_editor_assetssiteseo.php:125

actionwp_enqueue_scriptssiteseo.php:128

actionenqueue_block_editor_assetssiteseo.php:129

actionafter_setup_themesiteseo.php:141

actionwp_enqueue_scriptssiteseo.php:144

actionwp_headsiteseo.php:147

actionwp_headsiteseo.php:148

filterwp_titlesiteseo.php:149

filterpre_get_document_titlesiteseo.php:150

actionwp_headsiteseo.php:151

filterwp_robotssiteseo.php:152

actionwp_headsiteseo.php:153

actionwp_headsiteseo.php:154

actionwp_headsiteseo.php:157

actionwp_headsiteseo.php:158

actionwp_headsiteseo.php:159

actioninitsiteseo.php:162

actionwp_headsiteseo.php:165

actioninitsiteseo.php:166

actioninitsiteseo.php:169

filterpost_link_categorysiteseo.php:171

filterwc_product_post_type_link_product_catsiteseo.php:172

filterwoocommerce_get_breadcrumbsiteseo.php:173

Maintenance & Trust

SiteSEO – SEO Simplified Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 25, 2026

PHP min version7.2

Downloads1.3M

Community Trust

Rating78/100

Number of ratings7

Active installs500K

Alternatives

SiteSEO – SEO Simplified Alternatives

All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic

all-in-one-seo-pack

AIOSEO is the most powerful WordPress SEO plugin. Improve SEO rankings and traffic with comprehensive SEO tools and smart AI SEO optimizations!

3.0M 26 CVEs

Yoast SEO – Advanced SEO with real-time guidance and built-in AI

wordpress-seo

Improve your SEO with real-time feedback, schema, and clear guidance. Upgrade for AI tools, Google Docs integration, and 24/7 support, no hidden fees.

10.0M 17 CVEs

SureRank SEO – Smart Assistant with Meta Tags, Social Preview, XML Sitemap, and Schema

surerank

SureRank – SEO Assistant with Meta Tags, Social Preview, XML Sitemap, and Schema

300K 1 CVE

SEOPress – On-site SEO & Analytics

wp-seopress

SEOPress, a simple, fast and powerful all in one SEO plugin for WordPress. Rank higher in search engines, fully white label. Now with AI.

300K 14 CVEs

Slim SEO – A Fast & Automated SEO Plugin For WordPress

slim-seo

A full-featured SEO plugin for WordPress that's lightweight, blazing fast with minimum configuration. No bloats and just works!

60K 2 CVEs

Developer Profile

SiteSEO – SEO Simplified Developer Profile

Softaculous

10 plugins · 4.1M total installs

trust score

Avg Security Score

95/100

Avg Patch Time

333 days

View full developer profile

Detection Fingerprints

How We Detect SiteSEO – SEO Simplified

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/siteseo/assets/css/siteseo-admin.css/wp-content/plugins/siteseo/assets/css/siteseo-frontend.css/wp-content/plugins/siteseo/assets/js/siteseo-admin.js/wp-content/plugins/siteseo/assets/js/siteseo-frontend.js

Generator Patterns

SiteSEO - SEO Simplified

Script Paths

/wp-content/plugins/siteseo/assets/js/siteseo-frontend.js

Version Parameters

siteseo/assets/css/siteseo-frontend.css?ver=siteseo/assets/js/siteseo-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes

siteseo-admin-mainsiteseo-metabox-fieldsiteseo-tab-content

HTML Comments

Data Attributes

data-siteseo-metabox-field

JS Globals

siteseo_frontend_paramssiteseo_admin_params

REST Endpoints

/wp-json/siteseo/v1/settings

Shortcode Output

[siteseo_toc][siteseo_html_sitemap]

FAQ