CodeNewbie Community 🌱

joerootee

Critical SQL Injection in PrimeCMS SEO Manager Plugin

About Author
Hi, my name is Ayesha. I'm a cybersecurity researcher at VaultSec, where we focus on discovering and disclosing critical security issues affecting widely-used web platforms. While our products focus on cloud detection and WAF technology, our mission includes uncovering plugin vulnerabilities that could compromise entire ecosystems.

In February 2025, VaultSec researchers identified a severe SQL Injection vulnerability in the SEO Manager plugin for PrimeCMS — a widely used content management system. This vulnerability allows unauthenticated attackers to exfiltrate sensitive data, escalate privileges, and potentially gain full access to backend databases.
The plugin vendor has released an update. Immediate action is advised.

Vulnerability Description
Root Cause
The issue arises from insecure handling of user-supplied input in the rankTracker module. The keyword_id parameter is not sanitized and is placed directly into a SQL query instead of being bound through a prepared statement, allowing attackers to inject arbitrary SQL commands.

Impact
Data Exfiltration: Attackers can dump usernames, emails, and hashed passwords.

Authentication Bypass: Admin takeover via session manipulation or credential extraction.

Database Corruption: Injection of rogue data or deletion of critical records.

Risk Summary
Category | Detail
Priority | High
Vulnerability Type | SQL Injection
Severity | Critical
Trigger | HTTP GET/POST parameters
Authentication | Not required
System Config | Affects default plugin setup
User Interaction | Not required
Exploit Availability | Public PoC released
Fix Complexity | Low (update the plugin)

Affected Versions
PrimeCMS SEO Manager Plugin v3.2.0 to v3.4.1

Mitigation & Fixes
Temporary Workaround
Until the patch is applied:

Disable the rankTracker module.

Use a Web Application Firewall (WAF) to block suspicious parameter values.

Official Patch
The vendor has released version v3.4.2 addressing this issue. You can download it from:

🔗 https://essutumishigotz.com/login/

Vulnerability Reproduction
An attacker can send a crafted request such as:

GET /seo-manager/rankTracker?keyword_id=1%20OR%201=1--
This results in a full table dump of ranking logs and metadata.
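
The root cause and the request above, shown side by side with a corrected lookup. This is an added example, not the plugin's code, which the page does not show. The rank_log table, its columns, the sample rows and the function names are assumptions, and SQLite stands in for the real backend.

```python
import sqlite3

def make_db():
    # Constructed stand-in for the plugin's ranking data (schema is assumed).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE rank_log (keyword_id INTEGER, keyword TEXT, pos INTEGER)")
    db.executemany(
        "INSERT INTO rank_log VALUES (?, ?, ?)",
        [(1, "cms hosting", 4), (2, "seo plugin", 9), (3, "site audit", 17)],
    )
    return db

def lookup_vulnerable(db, keyword_id):
    # Pattern described under Root Cause: the raw parameter is concatenated
    # into the statement, so its content is parsed as SQL.
    sql = "SELECT keyword, pos FROM rank_log WHERE keyword_id = " + keyword_id
    return db.execute(sql).fetchall()

def lookup_hardened(db, keyword_id):
    # Allow-list first: keyword_id must be a plain ASCII decimal integer.
    if not (keyword_id.isascii() and keyword_id.isdigit()):
        raise ValueError("keyword_id must be a decimal integer")
    # Then bind it as a parameter so it can never change the statement's shape.
    sql = "SELECT keyword, pos FROM rank_log WHERE keyword_id = ?"
    return db.execute(sql, (int(keyword_id),)).fetchall()

if __name__ == "__main__":
    db = make_db()
    payload = "1 OR 1=1--"  # URL-decoded keyword_id value from the request above
    print(lookup_vulnerable(db, "1"))      # only the row for keyword_id 1
    print(lookup_vulnerable(db, payload))  # WHERE is always true: every row
    print(lookup_hardened(db, "1"))        # only the row for keyword_id 1
    try:
        lookup_hardened(db, payload)
    except ValueError as exc:
        print("rejected:", exc)
```

The same integer allow-list is what a WAF rule for the temporary workaround would enforce on keyword_id.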

Timeline

Feb 7, 2025 – Vulnerability reported to vendor

Feb 10, 2025 – Patch issued by plugin author

Feb 24, 2025 – Public disclosure by VaultSec

Product Support
Product | Detection Capability
ShieldEye | Plugin vulnerability scanner enabled
VaultScanner | SQLi detection signature released
WAF Pro | Blocking rule auto-deployed
WebMonX | Heuristics update pushed

This is an HTTP-based vulnerability, and protection rules for VaultSec’s full-stack scanners and WAF modules have already been released to mitigate potential exploitation in real time.

Reference:
🔗 https://primecms.org/plugins/seo-manager/advisories/feb-2025-sql-bug
