Vulnerabilites related to rankmath - Rank Math SEO – AI SEO Tools to Dominate SEO Rankings
CVE-2024-9161 (GCVE-0-2024-9161)
Vulnerability from cvelistv5
Published
2024-10-05 11:21
Modified
2024-10-07 16:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-862 - Missing Authorization
Summary
The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'update_metadata' function in all versions up to, and including, 1.0.228. This makes it possible for unauthenticated attackers to insert new and update existing metadata beginning with 'rank_math', and delete arbitrary existing user metadata and term metadata. Deleting existing usermeta can cause a loss of access to the administrator dashboard for any registered users, including Administrators.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| rankmath | Rank Math SEO – AI SEO Tools to Dominate SEO Rankings |
Version: * ≤ 1.0.228 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9161",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-07T16:14:34.269074Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-07T16:14:57.624Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Rank Math SEO \u2013 AI SEO Tools to Dominate SEO Rankings",
"vendor": "rankmath",
"versions": [
{
"lessThanOrEqual": "1.0.228",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Leo Trinh"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Rank Math SEO \u2013 AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the \u0027update_metadata\u0027 function in all versions up to, and including, 1.0.228. This makes it possible for unauthenticated attackers to insert new and update existing metadata beginning with \u0027rank_math\u0027, and delete arbitrary existing user metadata and term metadata. Deleting existing usermeta can cause a loss of access to the administrator dashboard for any registered users, including Administrators."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-05T11:21:19.388Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7df39a64-76c5-4ebe-a271-44bd147a3a86?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/seo-by-rank-math/trunk/includes/rest/class-shared.php#L120"
},
{
"url": "https://plugins.trac.wordpress.org/browser/seo-by-rank-math/trunk/includes/rest/class-shared.php#L161"
},
{
"url": "https://plugins.trac.wordpress.org/browser/seo-by-rank-math/trunk/includes/rest/class-shared.php#L162"
},
{
"url": "https://plugins.trac.wordpress.org/browser/seo-by-rank-math/trunk/includes/rest/class-shared.php#L64"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3161896/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-10-04T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "Rank Math SEO \u2013 AI SEO Tools to Dominate SEO Rankings \u003c= 1.0.228 - Missing Authorization to Unauthenticated User and Term Metadata Insert, Update, and Delete"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-9161",
"datePublished": "2024-10-05T11:21:19.388Z",
"dateReserved": "2024-09-24T18:07:48.981Z",
"dateUpdated": "2024-10-07T16:14:57.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9314 (GCVE-0-2024-9314)
Vulnerability from cvelistv5
Published
2024-10-05 11:21
Modified
2024-10-16 15:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-502 - Deserialization of Untrusted Data
Summary
The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.228 via deserialization of untrusted input 'set_redirections' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| rankmath | Rank Math SEO – AI SEO Tools to Dominate SEO Rankings |
Version: * ≤ 1.0.228 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:rankmath:rankmath_seo_ai_seo_tools_to_dominate_seo_rankings:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rankmath_seo_ai_seo_tools_to_dominate_seo_rankings",
"vendor": "rankmath",
"versions": [
{
"lessThanOrEqual": "1.0.228",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9314",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-07T14:30:59.819574Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T15:01:36.402Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Rank Math SEO \u2013 AI SEO Tools to Dominate SEO Rankings",
"vendor": "rankmath",
"versions": [
{
"lessThanOrEqual": "1.0.228",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Leo Trinh"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Rank Math SEO \u2013 AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.228 via deserialization of untrusted input \u0027set_redirections\u0027 function. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-05T11:21:20.603Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/af5ed47e-f183-4e72-a916-15020e2bc91e?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/seo-by-rank-math/trunk/includes/admin/class-import-export.php#L507"
},
{
"url": "https://plugins.trac.wordpress.org/browser/seo-by-rank-math/trunk/includes/admin/class-import-export.php#L514"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3161896/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-10-04T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "Rank Math SEO \u2013 AI SEO Tools to Dominate SEO Rankings \u003c= 1.0.228 - Authenticated (Administrator+) PHP Object Injection"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-9314",
"datePublished": "2024-10-05T11:21:20.603Z",
"dateReserved": "2024-09-27T23:23:08.827Z",
"dateUpdated": "2024-10-16T15:01:36.402Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-13227 (GCVE-0-2024-13227)
Vulnerability from cvelistv5
Published
2025-02-13 04:21
Modified
2025-02-13 19:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Rank Math API in all versions up to, and including, 1.0.235 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| rankmath | Rank Math SEO – AI SEO Tools to Dominate SEO Rankings |
Version: * ≤ 1.0.235 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-13227",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-13T19:39:57.671831Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-13T19:40:03.999Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Rank Math SEO \u2013 AI SEO Tools to Dominate SEO Rankings",
"vendor": "rankmath",
"versions": [
{
"lessThanOrEqual": "1.0.235",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Craig Smith"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Rank Math SEO \u2013 AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin\u0027s Rank Math API in all versions up to, and including, 1.0.235 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-13T04:21:45.068Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/24df10fb-5143-478e-90f0-27f604ad43ee?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/seo-by-rank-math/trunk/includes/rest/class-shared.php#L257"
},
{
"url": "https://wordpress.org/plugins/seo-by-rank-math/#developers"
},
{
"url": "https://rankmath.com/changelog/free/page/2/"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3222905/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-02-12T16:21:31.000+00:00",
"value": "Disclosed"
}
],
"title": "Rank Math SEO \u2013 AI SEO Tools to Dominate SEO Rankings \u003c= 1.0.235 - Authenticated (Contributor+) Stored Cross-Site Scripting via Rank Math API"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-13227",
"datePublished": "2025-02-13T04:21:45.068Z",
"dateReserved": "2025-01-08T20:20:23.309Z",
"dateUpdated": "2025-02-13T19:40:03.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-13229 (GCVE-0-2024-13229)
Vulnerability from cvelistv5
Published
2025-02-13 04:21
Modified
2025-02-13 16:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-284 - Improper Access Control
Summary
The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the update_metadata() function in all versions up to, and including, 1.0.235. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete any schema metadata assigned to any post.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| rankmath | Rank Math SEO – AI SEO Tools to Dominate SEO Rankings |
Version: * ≤ 1.0.235 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-13229",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-13T16:38:33.372785Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-13T16:38:45.626Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Rank Math SEO \u2013 AI SEO Tools to Dominate SEO Rankings",
"vendor": "rankmath",
"versions": [
{
"lessThanOrEqual": "1.0.235",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Craig Smith"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Rank Math SEO \u2013 AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the update_metadata() function in all versions up to, and including, 1.0.235. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete any schema metadata assigned to any post."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-13T04:21:45.803Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5776f689-56dd-413d-b02d-5551b97dd5eb?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/seo-by-rank-math/trunk/includes/rest/class-shared.php#L169"
},
{
"url": "https://rankmath.com/changelog/free/page/2/"
},
{
"url": "https://wordpress.org/plugins/seo-by-rank-math/#developers"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3222905/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-02-12T16:21:30.000+00:00",
"value": "Disclosed"
}
],
"title": "Rank Math SEO \u003c= 1.0.235 - Missing Authorization to Authenticated (Contributor+) Arbitrary Schema Deletion"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-13229",
"datePublished": "2025-02-13T04:21:45.803Z",
"dateReserved": "2025-01-08T21:12:26.126Z",
"dateUpdated": "2025-02-13T16:38:45.626Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}