{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-39697", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-04-07T10:58:16.464Z", "datePublished": "2026-04-08T08:30:46.167Z", "dateUpdated": "2026-04-08T08:30:46.167Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "maio-the-new-ai-geo-seo-tool", "product": "MAIO &#8211; The new AI GEO / SEO tool", "vendor": "HBSS Technologies", "versions": [{"lessThanOrEqual": "6.2.8", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Legion Hunter | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-08T10:28:44.762Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authorization vulnerability in HBSS Technologies MAIO &#8211; The new AI GEO / SEO tool maio-the-new-ai-geo-seo-tool allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects MAIO &#8211; The new AI GEO / SEO tool: from n/a through <= 6.2.8.</p>"}], "value": "Missing Authorization vulnerability in HBSS Technologies MAIO &#8211; The new AI GEO / SEO tool maio-the-new-ai-geo-seo-tool allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MAIO &#8211; The new AI GEO / SEO tool: from n/a through <= 6.2.8."}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-08T08:30:46.167Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/maio-the-new-ai-geo-seo-tool/vulnerability/wordpress-maio-the-new-ai-geo-seo-tool-plugin-6-2-8-broken-access-control-vulnerability?_s_id=cve"}], "title": "WordPress MAIO \u2013 The new AI GEO / SEO tool plugin <= 6.2.8 - Broken Access Control vulnerability"}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in HBSS Technologies MAIO &#8211; The new AI GEO / SEO tool maio-the-new-ai-geo-seo-tool allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MAIO &#8211; The new AI GEO / SEO tool: from n/a through <= 6.2.8."}], "id": "CVE-2026-39697", "lastModified": "2026-04-08T21:26:13.410", "metrics": {}, "published": "2026-04-08T09:16:42.173", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/maio-the-new-ai-geo-seo-tool/vulnerability/wordpress-maio-the-new-ai-geo-seo-tool-plugin-6-2-8-broken-access-control-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "audit@patchstack.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,6.2.8]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "MAIO &#8211; The new AI GEO / SEO tool", "source": "cna", "vendor": "HBSS Technologies"}, "product": "maio_&#8211;_the_new_ai_geo_/_seo_tool", "vendor": "hbss_technologies"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-04-08T10:43:30.781623+00:00", "value": {"mitigation_remediation": ["Update MAIO \u2013 The new AI GEO / SEO tool to the latest available version (\u2265 6.2.9).", "Verify that the installed plugin version is not listed among vulnerable releases by checking the vendor\u2019s update page or the WordPress plugin repository.", "If a patch is not yet available, restrict untrusted users from accessing the site\u2019s administrative areas and limit direct network access to the plugin\u2019s admin URLs."], "summary": {"action": "Patch", "impact": "Broken Access Control"}, "threat_synthesis": {"affected_systems": "WordPress installations that use HBSS Technologies MAIO \u2013 The new AI GEO / SEO tool versions up to and including 6.2.8 are affected. Any site that has the plugin installed within this version range and has not applied a patch is vulnerable.", "description_and_impact": "Missing authorization in the MAIO \u2013 The new AI GEO / SEO tool plugin allows unauthorized users to access protected administrative functionality. This flaw can expose and modify sensitive configuration settings, potentially enabling broader compromise of the WordPress site. The weakness is identified as CWE-862: Missing Authorization, leading to a loss of confidentiality, integrity, and possible availability. ", "risk_and_exploitability": "The vulnerability does not currently have publicly available exploitation code and EPSS information is not available; it is also not listed in CISA\u2019s KEV catalog. Based on the description, it is inferred that the attacker can construct HTTP requests to the plugin\u2019s protected endpoints, requiring only network access to the site. Once an attacker gains access, administrative control over the plugin and the possibility of pivoting to wider site compromise exist. The potential impact is high because broken access control can lead to full site takeover if not addressed."}}}}, "created": "2026-04-08T19:27:37.963764+00:00", "updated": "2026-04-08T19:40:22.650869+00:00", "vendors": ["hbss_technologies", "hbss_technologies$PRODUCT$maio_&#8211;_the_new_ai_geo_/_seo_tool", "wordpress", "wordpress$PRODUCT$wordpress"]}