The SmartCrawl WordPress SEO plugin versions up to 3.10.2 contain a missing authorization vulnerability (CWE-862) in the save_settings function. This flaw permits unauthenticated attackers to inject ld+json schema descriptions by bypassing capability checks, potentially altering SEO-related structured data. The CVSS 3.1 base score is 5.3 (medium), reflecting network attack vector, low complexity, no privileges required, no user interaction, and impact limited to integrity.

The vulnerability allows unauthenticated attackers to modify schema types saved by the plugin, affecting the integrity of SEO-related structured data. There is no impact on confidentiality or availability. This could potentially mislead search engines or affect SEO results but does not directly compromise sensitive data or system stability.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should consider disabling the plugin or restricting access to its settings to trusted users only. Monitor vendor channels for updates and apply patches promptly once available.