Vulnerabilites related to rankmath - seo
Vulnerability from fkie_nvd
Published
2025-02-13 05:15
Modified
2025-02-24 17:07
Severity ?
Summary
The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the update_metadata() function in all versions up to, and including, 1.0.235. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete any schema metadata assigned to any post.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rankmath:seo:*:*:*:*:free:wordpress:*:*",
"matchCriteriaId": "B4C1FD19-885F-49CB-BFA6-37BD2D7FBA26",
"versionEndExcluding": "1.0.236",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Rank Math SEO \u2013 AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the update_metadata() function in all versions up to, and including, 1.0.235. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete any schema metadata assigned to any post."
},
{
"lang": "es",
"value": "El complemento Rank Math SEO \u2013 AI SEO Tools to Dominate SEO Rankings para WordPress es vulnerable a la p\u00e9rdida no autorizada de datos debido a una verificaci\u00f3n de capacidad faltante en la funci\u00f3n update_metadata() en todas las versiones hasta la 1.0.235 incluida. Esto permite que atacantes autenticados, con acceso de nivel de colaborador y superior, eliminen cualquier metadato de esquema asignado a cualquier publicaci\u00f3n."
}
],
"id": "CVE-2024-13229",
"lastModified": "2025-02-24T17:07:33.247",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "security@wordfence.com",
"type": "Primary"
}
]
},
"published": "2025-02-13T05:15:13.930",
"references": [
{
"source": "security@wordfence.com",
"tags": [
"Product"
],
"url": "https://plugins.trac.wordpress.org/browser/seo-by-rank-math/trunk/includes/rest/class-shared.php#L169"
},
{
"source": "security@wordfence.com",
"tags": [
"Patch"
],
"url": "https://plugins.trac.wordpress.org/changeset/3222905/"
},
{
"source": "security@wordfence.com",
"tags": [
"Product",
"Release Notes"
],
"url": "https://rankmath.com/changelog/free/page/2/"
},
{
"source": "security@wordfence.com",
"tags": [
"Product",
"Release Notes"
],
"url": "https://wordpress.org/plugins/seo-by-rank-math/#developers"
},
{
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5776f689-56dd-413d-b02d-5551b97dd5eb?source=cve"
}
],
"sourceIdentifier": "security@wordfence.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "security@wordfence.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-08-15 16:15
Modified
2024-11-21 04:27
Severity ?
Summary
The Rank Math SEO plugin 1.0.27 for WordPress allows non-admin users to reset the settings via the wp-admin/admin-post.php reset-cmb parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://rankmath.com/changelog/ | Release Notes | |
| cve@mitre.org | https://wpvulndb.com/vulnerabilities/9375 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.pluginvulnerabilities.com/2019/06/20/authenticated-settings-reset-vulnerability-in-rank-math-seo/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://rankmath.com/changelog/ | Release Notes | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wpvulndb.com/vulnerabilities/9375 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.pluginvulnerabilities.com/2019/06/20/authenticated-settings-reset-vulnerability-in-rank-math-seo/ | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rankmath:seo:*:*:*:*:free:wordpress:*:*",
"matchCriteriaId": "C05C69ED-4A50-4B6A-81FF-3DB724B07945",
"versionEndExcluding": "1.0.27.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Rank Math SEO plugin 1.0.27 for WordPress allows non-admin users to reset the settings via the wp-admin/admin-post.php reset-cmb parameter."
},
{
"lang": "es",
"value": "El plugin Rank Math SEO versi\u00f3n 1.0.27 para WordPress, permite a los usuarios no administradores restablecer la configuraci\u00f3n por medio del par\u00e1metro reset-cmb del archivo wp-admin/admin-post.php."
}
],
"id": "CVE-2019-14786",
"lastModified": "2024-11-21T04:27:20.900",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-15T16:15:12.133",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://rankmath.com/changelog/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpvulndb.com/vulnerabilities/9375"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.pluginvulnerabilities.com/2019/06/20/authenticated-settings-reset-vulnerability-in-rank-math-seo/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://rankmath.com/changelog/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpvulndb.com/vulnerabilities/9375"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.pluginvulnerabilities.com/2019/06/20/authenticated-settings-reset-vulnerability-in-rank-math-seo/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-08-06 00:15
Modified
2024-11-21 08:03
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Rank Math SEO plugin <= 1.0.119 versions.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rankmath:seo:*:*:*:*:free:wordpress:*:*",
"matchCriteriaId": "9BBFACFF-6EB7-4665-95F1-6DBD83C4714A",
"versionEndExcluding": "1.0.119.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Rank Math SEO plugin \u003c=\u00a01.0.119 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Scripting (XSS) almacenado autenticado con permisos de contribuidor (o superior) en el plugin Rank Math SEO en versiones anteriores e incluyendo la 1.0.119. "
}
],
"id": "CVE-2023-32600",
"lastModified": "2024-11-21T08:03:40.600",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7,
"source": "audit@patchstack.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-06T00:15:09.497",
"references": [
{
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
],
"url": "https://patchstack.com/database/vulnerability/seo-by-rank-math/wordpress-rank-math-seo-plugin-1-0-119-cross-site-scripting-xss-vulnerability?_s_id=cve"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://patchstack.com/database/vulnerability/seo-by-rank-math/wordpress-rank-math-seo-plugin-1-0-119-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"sourceIdentifier": "audit@patchstack.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "audit@patchstack.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-07-02 06:15
Modified
2024-11-21 09:43
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
5.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
Summary
The Rank Math SEO WordPress plugin before 1.0.219 does not sanitise and escape some of its settings, which could allow users with access to the General Settings (by default admin, however such access can be given to lower roles via the Role Manager feature of the Rank Math SEO WordPress plugin before 1.0.219) to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| contact@wpscan.com | https://wpscan.com/vulnerability/c0058fcc-36f6-40bf-9848-fbe2d751d754/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wpscan.com/vulnerability/c0058fcc-36f6-40bf-9848-fbe2d751d754/ | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rankmath:seo:*:*:*:*:free:wordpress:*:*",
"matchCriteriaId": "D3446436-48C0-417A-A0E8-53AD3E2F8298",
"versionEndExcluding": "1.0.219",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Rank Math SEO WordPress plugin before 1.0.219 does not sanitise and escape some of its settings, which could allow users with access to the General Settings (by default admin, however such access can be given to lower roles via the Role Manager feature of the Rank Math SEO WordPress plugin before 1.0.219) to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)."
},
{
"lang": "es",
"value": "El complemento Rank Math SEO de WordPress anterior a 1.0.219 no sanitiza ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a los usuarios acceder a la Configuraci\u00f3n general (de forma predeterminada, administrador, sin embargo, dicho acceso se puede otorgar a roles inferiores a trav\u00e9s de la funci\u00f3n Administrador de roles de el complemento Rank Math SEO de WordPress anterior a 1.0.219) para realizar ataques de Cross-Site Scripting Almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en una configuraci\u00f3n multisitio)."
}
],
"id": "CVE-2024-4627",
"lastModified": "2024-11-21T09:43:14.720",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 3.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-07-02T06:15:04.400",
"references": [
{
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/c0058fcc-36f6-40bf-9848-fbe2d751d754/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/c0058fcc-36f6-40bf-9848-fbe2d751d754/"
}
],
"sourceIdentifier": "contact@wpscan.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-09-09 15:15
Modified
2024-11-21 07:12
Severity ?
6.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Server-Side Request Forgery (SSRF) vulnerability in Rank Math SEO plugin <= 1.0.95 at WordPress.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| audit@patchstack.com | https://patchstack.com/database/vulnerability/seo-by-rank-math/wordpress-rank-math-seo-plugin-1-0-95-server-side-request-forgery-ssrf-vulnerability/_s_id=cve | Broken Link, Third Party Advisory | |
| audit@patchstack.com | https://rankmath.com/changelog/ | Product, Release Notes | |
| af854a3a-2127-422b-91ae-364da2661108 | https://patchstack.com/database/vulnerability/seo-by-rank-math/wordpress-rank-math-seo-plugin-1-0-95-server-side-request-forgery-ssrf-vulnerability/_s_id=cve | Broken Link, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://rankmath.com/changelog/ | Product, Release Notes |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rankmath:seo:*:*:*:*:free:wordpress:*:*",
"matchCriteriaId": "C19042FE-9B5F-49EE-8565-1FA83D8ABB8B",
"versionEndIncluding": "1.0.95",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Server-Side Request Forgery (SSRF) vulnerability in Rank Math SEO plugin \u003c= 1.0.95 at WordPress."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo Server-Side Request Forgery (SSRF) en el plugin Rank Math SEO versiones anteriores a 1.0.95 incluy\u00e9ndola, en WordPress"
}
],
"id": "CVE-2022-36376",
"lastModified": "2024-11-21T07:12:53.890",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 4.0,
"source": "audit@patchstack.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-09-09T15:15:10.627",
"references": [
{
"source": "audit@patchstack.com",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "https://patchstack.com/database/vulnerability/seo-by-rank-math/wordpress-rank-math-seo-plugin-1-0-95-server-side-request-forgery-ssrf-vulnerability/_s_id=cve"
},
{
"source": "audit@patchstack.com",
"tags": [
"Product",
"Release Notes"
],
"url": "https://rankmath.com/changelog/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "https://patchstack.com/database/vulnerability/seo-by-rank-math/wordpress-rank-math-seo-plugin-1-0-95-server-side-request-forgery-ssrf-vulnerability/_s_id=cve"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Release Notes"
],
"url": "https://rankmath.com/changelog/"
}
],
"sourceIdentifier": "audit@patchstack.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "audit@patchstack.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-07 17:15
Modified
2024-11-21 04:58
Severity ?
Summary
The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to create new URIs (that redirect to an external web site) via the unsecured rankmath/v1/updateRedirection REST API endpoint. In other words, this is not an "Open Redirect" issue; instead, it allows the attacker to create a new URI with an arbitrary name (e.g., the /exampleredirect URI).
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rankmath:seo:*:*:*:*:free:wordpress:*:*",
"matchCriteriaId": "B463F6E0-05EF-49E7-A858-141879F9E752",
"versionEndIncluding": "1.0.40.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to create new URIs (that redirect to an external web site) via the unsecured rankmath/v1/updateRedirection REST API endpoint. In other words, this is not an \"Open Redirect\" issue; instead, it allows the attacker to create a new URI with an arbitrary name (e.g., the /exampleredirect URI)."
},
{
"lang": "es",
"value": "El plugin Rank Math versiones hasta 1.0.40.2 para WordPress, permite a atacantes remotos no autenticados crear nuevos URI (que redireccionan a un sitio web externo) por medio del endpoint API REST de rankmath/v1/updateRedirection no seguro. En otras palabras, este no es un problema de \"Open Redirect\"; sin embargo, le permite al atacante crear un nuevo URI con un nombre arbitrario (por ejemplo, el URI /exampleredirect)."
}
],
"id": "CVE-2020-11515",
"lastModified": "2024-11-21T04:58:03.187",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-07T17:15:13.617",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Release Notes"
],
"url": "https://rankmath.com/changelog/"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://wordpress.org/plugins/seo-by-rank-math/#developers"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.wordfence.com/blog/2020/03/critical-vulnerabilities-affecting-over-200000-sites-patched-in-rank-math-seo-plugin/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Release Notes"
],
"url": "https://rankmath.com/changelog/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://wordpress.org/plugins/seo-by-rank-math/#developers"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.wordfence.com/blog/2020/03/critical-vulnerabilities-affecting-over-200000-sites-patched-in-rank-math-seo-plugin/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-07 17:15
Modified
2024-11-21 04:58
Severity ?
Summary
The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to update arbitrary WordPress metadata, including the ability to escalate or revoke administrative privileges for existing users via the unsecured rankmath/v1/updateMeta REST API endpoint.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rankmath:seo:*:*:*:*:free:wordpress:*:*",
"matchCriteriaId": "B463F6E0-05EF-49E7-A858-141879F9E752",
"versionEndIncluding": "1.0.40.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to update arbitrary WordPress metadata, including the ability to escalate or revoke administrative privileges for existing users via the unsecured rankmath/v1/updateMeta REST API endpoint."
},
{
"lang": "es",
"value": "El plugin Rank Math versiones hasta 1.0.40.2 para WordPress, permite a atacantes remotos no autenticados actualizar metadatos de WordPress arbitrarios, incluyendo la capacidad de escalar o revocar privilegios administrativos para los usuarios existentes por medio del endpoint API REST de rankmath/v1/updateMeta no seguro."
}
],
"id": "CVE-2020-11514",
"lastModified": "2024-11-21T04:58:03.040",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-07T17:15:13.573",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Release Notes"
],
"url": "https://rankmath.com/changelog/"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://wordpress.org/plugins/seo-by-rank-math/#developers"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.wordfence.com/blog/2020/03/critical-vulnerabilities-affecting-over-200000-sites-patched-in-rank-math-seo-plugin/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Release Notes"
],
"url": "https://rankmath.com/changelog/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://wordpress.org/plugins/seo-by-rank-math/#developers"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.wordfence.com/blog/2020/03/critical-vulnerabilities-affecting-over-200000-sites-patched-in-rank-math-seo-plugin/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-02-13 05:15
Modified
2025-02-24 16:44
Severity ?
6.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Rank Math API in all versions up to, and including, 1.0.235 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rankmath:seo:*:*:*:*:free:wordpress:*:*",
"matchCriteriaId": "B4C1FD19-885F-49CB-BFA6-37BD2D7FBA26",
"versionEndExcluding": "1.0.236",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Rank Math SEO \u2013 AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin\u0027s Rank Math API in all versions up to, and including, 1.0.235 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento Rank Math SEO \u2013 AI SEO Tools to Dominate SEO Rankings para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s de la API Rank Math del complemento en todas las versiones hasta 1.0.235 incluida, debido a la entrada insuficiente desinfecci\u00f3n y al escape de salida en los atributos proporcionados por el usuario. Esto hace posible que los atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitraria en las p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"id": "CVE-2024-13227",
"lastModified": "2025-02-24T16:44:13.157",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7,
"source": "security@wordfence.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-02-13T05:15:13.727",
"references": [
{
"source": "security@wordfence.com",
"tags": [
"Product"
],
"url": "https://plugins.trac.wordpress.org/browser/seo-by-rank-math/trunk/includes/rest/class-shared.php#L257"
},
{
"source": "security@wordfence.com",
"tags": [
"Patch"
],
"url": "https://plugins.trac.wordpress.org/changeset/3222905/"
},
{
"source": "security@wordfence.com",
"tags": [
"Release Notes"
],
"url": "https://rankmath.com/changelog/free/page/2/"
},
{
"source": "security@wordfence.com",
"tags": [
"Product",
"Release Notes"
],
"url": "https://wordpress.org/plugins/seo-by-rank-math/#developers"
},
{
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/24df10fb-5143-478e-90f0-27f604ad43ee?source=cve"
}
],
"sourceIdentifier": "security@wordfence.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security@wordfence.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-05 12:15
Modified
2025-01-29 18:56
Severity ?
Summary
The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'update_metadata' function in all versions up to, and including, 1.0.228. This makes it possible for unauthenticated attackers to insert new and update existing metadata beginning with 'rank_math', and delete arbitrary existing user metadata and term metadata. Deleting existing usermeta can cause a loss of access to the administrator dashboard for any registered users, including Administrators.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rankmath:seo:*:*:*:*:free:wordpress:*:*",
"matchCriteriaId": "355D274D-4090-409B-8FB7-80640496A6A2",
"versionEndExcluding": "1.0.229",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Rank Math SEO \u2013 AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the \u0027update_metadata\u0027 function in all versions up to, and including, 1.0.228. This makes it possible for unauthenticated attackers to insert new and update existing metadata beginning with \u0027rank_math\u0027, and delete arbitrary existing user metadata and term metadata. Deleting existing usermeta can cause a loss of access to the administrator dashboard for any registered users, including Administrators."
},
{
"lang": "es",
"value": "El complemento Rank Math SEO \u2013 AI SEO Tools to Dominate SEO Rankings para WordPress es vulnerable a modificaciones no autorizadas y p\u00e9rdida de datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n \u0027update_metadata\u0027 en todas las versiones hasta la 1.0.228 incluida. Esto hace posible que atacantes no autenticados inserten metadatos nuevos y actualicen los existentes que comiencen con \u0027rank_math\u0027, y eliminen metadatos de usuario y metadatos de t\u00e9rminos existentes de forma arbitraria. Eliminar metadatos de usuario existentes puede provocar la p\u00e9rdida de acceso al panel de administrador para cualquier usuario registrado, incluidos los administradores."
}
],
"id": "CVE-2024-9161",
"lastModified": "2025-01-29T18:56:32.393",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "security@wordfence.com",
"type": "Primary"
}
]
},
"published": "2024-10-05T12:15:02.897",
"references": [
{
"source": "security@wordfence.com",
"tags": [
"Product"
],
"url": "https://plugins.trac.wordpress.org/browser/seo-by-rank-math/trunk/includes/rest/class-shared.php#L120"
},
{
"source": "security@wordfence.com",
"tags": [
"Product"
],
"url": "https://plugins.trac.wordpress.org/browser/seo-by-rank-math/trunk/includes/rest/class-shared.php#L161"
},
{
"source": "security@wordfence.com",
"tags": [
"Product"
],
"url": "https://plugins.trac.wordpress.org/browser/seo-by-rank-math/trunk/includes/rest/class-shared.php#L162"
},
{
"source": "security@wordfence.com",
"tags": [
"Product"
],
"url": "https://plugins.trac.wordpress.org/browser/seo-by-rank-math/trunk/includes/rest/class-shared.php#L64"
},
{
"source": "security@wordfence.com",
"tags": [
"Patch"
],
"url": "https://plugins.trac.wordpress.org/changeset/3161896/"
},
{
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7df39a64-76c5-4ebe-a271-44bd147a3a86?source=cve"
}
],
"sourceIdentifier": "security@wordfence.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "security@wordfence.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-05 12:15
Modified
2025-01-29 18:52
Severity ?
Summary
The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.228 via deserialization of untrusted input 'set_redirections' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rankmath:seo:*:*:*:*:free:wordpress:*:*",
"matchCriteriaId": "355D274D-4090-409B-8FB7-80640496A6A2",
"versionEndExcluding": "1.0.229",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Rank Math SEO \u2013 AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.228 via deserialization of untrusted input \u0027set_redirections\u0027 function. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code."
},
{
"lang": "es",
"value": "El complemento Rank Math SEO \u2013 AI SEO Tools to Dominate SEO Rankings para WordPress es vulnerable a la inyecci\u00f3n de objetos PHP en todas las versiones hasta la 1.0.228 incluida, a trav\u00e9s de la deserializaci\u00f3n de la funci\u00f3n \u0027set_redirections\u0027 de entrada no confiable. Esto hace posible que atacantes autenticados, con acceso de nivel de administrador y superior, inyecten un objeto PHP. No hay ninguna cadena POP presente en el software vulnerable. Si hay una cadena POP presente a trav\u00e9s de un complemento o tema adicional instalado en el sistema de destino, podr\u00eda permitir al atacante eliminar archivos arbitrarios, recuperar datos confidenciales o ejecutar c\u00f3digo."
}
],
"id": "CVE-2024-9314",
"lastModified": "2025-01-29T18:52:17.940",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security@wordfence.com",
"type": "Primary"
}
]
},
"published": "2024-10-05T12:15:03.103",
"references": [
{
"source": "security@wordfence.com",
"tags": [
"Product"
],
"url": "https://plugins.trac.wordpress.org/browser/seo-by-rank-math/trunk/includes/admin/class-import-export.php#L507"
},
{
"source": "security@wordfence.com",
"tags": [
"Product"
],
"url": "https://plugins.trac.wordpress.org/browser/seo-by-rank-math/trunk/includes/admin/class-import-export.php#L514"
},
{
"source": "security@wordfence.com",
"tags": [
"Patch"
],
"url": "https://plugins.trac.wordpress.org/changeset/3161896/"
},
{
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/af5ed47e-f183-4e72-a916-15020e2bc91e?source=cve"
}
],
"sourceIdentifier": "security@wordfence.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "security@wordfence.com",
"type": "Primary"
}
]
}
CVE-2024-4627 (GCVE-0-2024-4627)
Vulnerability from cvelistv5
Published
2024-07-02 06:00
Modified
2024-08-01 20:47
Severity ?
VLAI Severity ?
EPSS score ?
Summary
The Rank Math SEO WordPress plugin before 1.0.219 does not sanitise and escape some of its settings, which could allow users with access to the General Settings (by default admin, however such access can be given to lower roles via the Role Manager feature of the Rank Math SEO WordPress plugin before 1.0.219) to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
References
| ▼ | URL | Tags |
|---|---|---|
| https://wpscan.com/vulnerability/c0058fcc-36f6-40bf-9848-fbe2d751d754/ | exploit, vdb-entry, technical-description |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Rank Math SEO |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:rankmath:seo:*:*:*:*:free:wordpress:*:*"
],
"defaultStatus": "unaffected",
"product": "seo",
"vendor": "rankmath",
"versions": [
{
"lessThan": "1.0.219",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-4627",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-02T14:44:14.314917Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-02T19:57:46.852Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:47:41.192Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/c0058fcc-36f6-40bf-9848-fbe2d751d754/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Rank Math SEO ",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.0.219",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dmitrii Ignatyev"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Rank Math SEO WordPress plugin before 1.0.219 does not sanitise and escape some of its settings, which could allow users with access to the General Settings (by default admin, however such access can be given to lower roles via the Role Manager feature of the Rank Math SEO WordPress plugin before 1.0.219) to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-02T06:00:02.905Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/c0058fcc-36f6-40bf-9848-fbe2d751d754/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Rank Math SEO \u003c 1.0.219 - Authenticated Stored XSS",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2024-4627",
"datePublished": "2024-07-02T06:00:02.905Z",
"dateReserved": "2024-05-07T20:18:45.838Z",
"dateUpdated": "2024-08-01T20:47:41.192Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11515 (GCVE-0-2020-11515)
Vulnerability from cvelistv5
Published
2020-04-07 16:51
Modified
2024-08-04 11:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to create new URIs (that redirect to an external web site) via the unsecured rankmath/v1/updateRedirection REST API endpoint. In other words, this is not an "Open Redirect" issue; instead, it allows the attacker to create a new URI with an arbitrary name (e.g., the /exampleredirect URI).
References
| ▼ | URL | Tags |
|---|---|---|
| https://rankmath.com/changelog/ | x_refsource_MISC | |
| https://wordpress.org/plugins/seo-by-rank-math/#developers | x_refsource_MISC | |
| https://www.wordfence.com/blog/2020/03/critical-vulnerabilities-affecting-over-200000-sites-patched-in-rank-math-seo-plugin/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:35:12.858Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://rankmath.com/changelog/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/seo-by-rank-math/#developers"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.wordfence.com/blog/2020/03/critical-vulnerabilities-affecting-over-200000-sites-patched-in-rank-math-seo-plugin/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-03-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to create new URIs (that redirect to an external web site) via the unsecured rankmath/v1/updateRedirection REST API endpoint. In other words, this is not an \"Open Redirect\" issue; instead, it allows the attacker to create a new URI with an arbitrary name (e.g., the /exampleredirect URI)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-07T16:51:42",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://rankmath.com/changelog/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/seo-by-rank-math/#developers"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.wordfence.com/blog/2020/03/critical-vulnerabilities-affecting-over-200000-sites-patched-in-rank-math-seo-plugin/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11515",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to create new URIs (that redirect to an external web site) via the unsecured rankmath/v1/updateRedirection REST API endpoint. In other words, this is not an \"Open Redirect\" issue; instead, it allows the attacker to create a new URI with an arbitrary name (e.g., the /exampleredirect URI)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://rankmath.com/changelog/",
"refsource": "MISC",
"url": "https://rankmath.com/changelog/"
},
{
"name": "https://wordpress.org/plugins/seo-by-rank-math/#developers",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/seo-by-rank-math/#developers"
},
{
"name": "https://www.wordfence.com/blog/2020/03/critical-vulnerabilities-affecting-over-200000-sites-patched-in-rank-math-seo-plugin/",
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2020/03/critical-vulnerabilities-affecting-over-200000-sites-patched-in-rank-math-seo-plugin/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-11515",
"datePublished": "2020-04-07T16:51:42",
"dateReserved": "2020-04-03T00:00:00",
"dateUpdated": "2024-08-04T11:35:12.858Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11514 (GCVE-0-2020-11514)
Vulnerability from cvelistv5
Published
2020-04-07 16:50
Modified
2024-08-04 11:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to update arbitrary WordPress metadata, including the ability to escalate or revoke administrative privileges for existing users via the unsecured rankmath/v1/updateMeta REST API endpoint.
References
| ▼ | URL | Tags |
|---|---|---|
| https://rankmath.com/changelog/ | x_refsource_MISC | |
| https://wordpress.org/plugins/seo-by-rank-math/#developers | x_refsource_MISC | |
| https://www.wordfence.com/blog/2020/03/critical-vulnerabilities-affecting-over-200000-sites-patched-in-rank-math-seo-plugin/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:35:13.105Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://rankmath.com/changelog/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/seo-by-rank-math/#developers"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.wordfence.com/blog/2020/03/critical-vulnerabilities-affecting-over-200000-sites-patched-in-rank-math-seo-plugin/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-03-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to update arbitrary WordPress metadata, including the ability to escalate or revoke administrative privileges for existing users via the unsecured rankmath/v1/updateMeta REST API endpoint."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-07T16:50:15",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://rankmath.com/changelog/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/seo-by-rank-math/#developers"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.wordfence.com/blog/2020/03/critical-vulnerabilities-affecting-over-200000-sites-patched-in-rank-math-seo-plugin/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11514",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to update arbitrary WordPress metadata, including the ability to escalate or revoke administrative privileges for existing users via the unsecured rankmath/v1/updateMeta REST API endpoint."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://rankmath.com/changelog/",
"refsource": "MISC",
"url": "https://rankmath.com/changelog/"
},
{
"name": "https://wordpress.org/plugins/seo-by-rank-math/#developers",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/seo-by-rank-math/#developers"
},
{
"name": "https://www.wordfence.com/blog/2020/03/critical-vulnerabilities-affecting-over-200000-sites-patched-in-rank-math-seo-plugin/",
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2020/03/critical-vulnerabilities-affecting-over-200000-sites-patched-in-rank-math-seo-plugin/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-11514",
"datePublished": "2020-04-07T16:50:15",
"dateReserved": "2020-04-03T00:00:00",
"dateUpdated": "2024-08-04T11:35:13.105Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9161 (GCVE-0-2024-9161)
Vulnerability from cvelistv5
Published
2024-10-05 11:21
Modified
2024-10-07 16:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-862 - Missing Authorization
Summary
The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'update_metadata' function in all versions up to, and including, 1.0.228. This makes it possible for unauthenticated attackers to insert new and update existing metadata beginning with 'rank_math', and delete arbitrary existing user metadata and term metadata. Deleting existing usermeta can cause a loss of access to the administrator dashboard for any registered users, including Administrators.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| rankmath | Rank Math SEO – AI SEO Tools to Dominate SEO Rankings |
Version: * ≤ 1.0.228 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9161",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-07T16:14:34.269074Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-07T16:14:57.624Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Rank Math SEO \u2013 AI SEO Tools to Dominate SEO Rankings",
"vendor": "rankmath",
"versions": [
{
"lessThanOrEqual": "1.0.228",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Leo Trinh"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Rank Math SEO \u2013 AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the \u0027update_metadata\u0027 function in all versions up to, and including, 1.0.228. This makes it possible for unauthenticated attackers to insert new and update existing metadata beginning with \u0027rank_math\u0027, and delete arbitrary existing user metadata and term metadata. Deleting existing usermeta can cause a loss of access to the administrator dashboard for any registered users, including Administrators."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-05T11:21:19.388Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7df39a64-76c5-4ebe-a271-44bd147a3a86?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/seo-by-rank-math/trunk/includes/rest/class-shared.php#L120"
},
{
"url": "https://plugins.trac.wordpress.org/browser/seo-by-rank-math/trunk/includes/rest/class-shared.php#L161"
},
{
"url": "https://plugins.trac.wordpress.org/browser/seo-by-rank-math/trunk/includes/rest/class-shared.php#L162"
},
{
"url": "https://plugins.trac.wordpress.org/browser/seo-by-rank-math/trunk/includes/rest/class-shared.php#L64"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3161896/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-10-04T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "Rank Math SEO \u2013 AI SEO Tools to Dominate SEO Rankings \u003c= 1.0.228 - Missing Authorization to Unauthenticated User and Term Metadata Insert, Update, and Delete"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-9161",
"datePublished": "2024-10-05T11:21:19.388Z",
"dateReserved": "2024-09-24T18:07:48.981Z",
"dateUpdated": "2024-10-07T16:14:57.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9314 (GCVE-0-2024-9314)
Vulnerability from cvelistv5
Published
2024-10-05 11:21
Modified
2024-10-16 15:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-502 - Deserialization of Untrusted Data
Summary
The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.228 via deserialization of untrusted input 'set_redirections' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| rankmath | Rank Math SEO – AI SEO Tools to Dominate SEO Rankings |
Version: * ≤ 1.0.228 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:rankmath:rankmath_seo_ai_seo_tools_to_dominate_seo_rankings:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rankmath_seo_ai_seo_tools_to_dominate_seo_rankings",
"vendor": "rankmath",
"versions": [
{
"lessThanOrEqual": "1.0.228",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9314",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-07T14:30:59.819574Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T15:01:36.402Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Rank Math SEO \u2013 AI SEO Tools to Dominate SEO Rankings",
"vendor": "rankmath",
"versions": [
{
"lessThanOrEqual": "1.0.228",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Leo Trinh"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Rank Math SEO \u2013 AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.228 via deserialization of untrusted input \u0027set_redirections\u0027 function. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-05T11:21:20.603Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/af5ed47e-f183-4e72-a916-15020e2bc91e?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/seo-by-rank-math/trunk/includes/admin/class-import-export.php#L507"
},
{
"url": "https://plugins.trac.wordpress.org/browser/seo-by-rank-math/trunk/includes/admin/class-import-export.php#L514"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3161896/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-10-04T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "Rank Math SEO \u2013 AI SEO Tools to Dominate SEO Rankings \u003c= 1.0.228 - Authenticated (Administrator+) PHP Object Injection"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-9314",
"datePublished": "2024-10-05T11:21:20.603Z",
"dateReserved": "2024-09-27T23:23:08.827Z",
"dateUpdated": "2024-10-16T15:01:36.402Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-14786 (GCVE-0-2019-14786)
Vulnerability from cvelistv5
Published
2019-08-15 15:47
Modified
2024-08-05 00:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Rank Math SEO plugin 1.0.27 for WordPress allows non-admin users to reset the settings via the wp-admin/admin-post.php reset-cmb parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://wpvulndb.com/vulnerabilities/9375 | x_refsource_MISC | |
| https://rankmath.com/changelog/ | x_refsource_MISC | |
| https://www.pluginvulnerabilities.com/2019/06/20/authenticated-settings-reset-vulnerability-in-rank-math-seo/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:26:38.932Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpvulndb.com/vulnerabilities/9375"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://rankmath.com/changelog/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.pluginvulnerabilities.com/2019/06/20/authenticated-settings-reset-vulnerability-in-rank-math-seo/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Rank Math SEO plugin 1.0.27 for WordPress allows non-admin users to reset the settings via the wp-admin/admin-post.php reset-cmb parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-23T01:06:08",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpvulndb.com/vulnerabilities/9375"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://rankmath.com/changelog/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.pluginvulnerabilities.com/2019/06/20/authenticated-settings-reset-vulnerability-in-rank-math-seo/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14786",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Rank Math SEO plugin 1.0.27 for WordPress allows non-admin users to reset the settings via the wp-admin/admin-post.php reset-cmb parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpvulndb.com/vulnerabilities/9375",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/9375"
},
{
"name": "https://rankmath.com/changelog/",
"refsource": "MISC",
"url": "https://rankmath.com/changelog/"
},
{
"name": "https://www.pluginvulnerabilities.com/2019/06/20/authenticated-settings-reset-vulnerability-in-rank-math-seo/",
"refsource": "MISC",
"url": "https://www.pluginvulnerabilities.com/2019/06/20/authenticated-settings-reset-vulnerability-in-rank-math-seo/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-14786",
"datePublished": "2019-08-15T15:47:52",
"dateReserved": "2019-08-09T00:00:00",
"dateUpdated": "2024-08-05T00:26:38.932Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-36376 (GCVE-0-2022-36376)
Vulnerability from cvelistv5
Published
2022-09-09 14:39
Modified
2025-02-20 20:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Summary
Server-Side Request Forgery (SSRF) vulnerability in Rank Math SEO plugin <= 1.0.95 at WordPress.
References
| ▼ | URL | Tags |
|---|---|---|
| https://patchstack.com/database/vulnerability/seo-by-rank-math/wordpress-rank-math-seo-plugin-1-0-95-server-side-request-forgery-ssrf-vulnerability/_s_id=cve | x_refsource_CONFIRM | |
| https://rankmath.com/changelog/ | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rank Math | Rank Math SEO (WordPress plugin) |
Version: <= 1.0.95 < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:00:04.297Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/seo-by-rank-math/wordpress-rank-math-seo-plugin-1-0-95-server-side-request-forgery-ssrf-vulnerability/_s_id=cve"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://rankmath.com/changelog/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-36376",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-20T19:25:32.940133Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-20T20:07:59.362Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Rank Math SEO (WordPress plugin)",
"vendor": "Rank Math",
"versions": [
{
"lessThanOrEqual": "1.0.95",
"status": "affected",
"version": "\u003c= 1.0.95",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Vulnerability discovered by Rafie Muhammad aka Yeraisci (Patchstack Alliance)"
}
],
"datePublic": "2022-08-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Server-Side Request Forgery (SSRF) vulnerability in Rank Math SEO plugin \u003c= 1.0.95 at WordPress."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-09T14:39:53.000Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://patchstack.com/database/vulnerability/seo-by-rank-math/wordpress-rank-math-seo-plugin-1-0-95-server-side-request-forgery-ssrf-vulnerability/_s_id=cve"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://rankmath.com/changelog/"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to 1.0.95.1 or higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Rank Math SEO plugin \u003c= 1.0.95 - Server-Side Request Forgery (SSRF) vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-08-12T10:24:00.000Z",
"ID": "CVE-2022-36376",
"STATE": "PUBLIC",
"TITLE": "WordPress Rank Math SEO plugin \u003c= 1.0.95 - Server-Side Request Forgery (SSRF) vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rank Math SEO (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "\u003c= 1.0.95",
"version_value": "1.0.95"
}
]
}
}
]
},
"vendor_name": "Rank Math"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by Rafie Muhammad aka Yeraisci (Patchstack Alliance)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Server-Side Request Forgery (SSRF) vulnerability in Rank Math SEO plugin \u003c= 1.0.95 at WordPress."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-918 Server-Side Request Forgery (SSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://patchstack.com/database/vulnerability/seo-by-rank-math/wordpress-rank-math-seo-plugin-1-0-95-server-side-request-forgery-ssrf-vulnerability/_s_id=cve",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/seo-by-rank-math/wordpress-rank-math-seo-plugin-1-0-95-server-side-request-forgery-ssrf-vulnerability/_s_id=cve"
},
{
"name": "https://rankmath.com/changelog/",
"refsource": "CONFIRM",
"url": "https://rankmath.com/changelog/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to 1.0.95.1 or higher version."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2022-36376",
"datePublished": "2022-09-09T14:39:53.112Z",
"dateReserved": "2022-08-09T00:00:00.000Z",
"dateUpdated": "2025-02-20T20:07:59.362Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-13229 (GCVE-0-2024-13229)
Vulnerability from cvelistv5
Published
2025-02-13 04:21
Modified
2025-02-13 16:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-284 - Improper Access Control
Summary
The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the update_metadata() function in all versions up to, and including, 1.0.235. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete any schema metadata assigned to any post.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| rankmath | Rank Math SEO – AI SEO Tools to Dominate SEO Rankings |
Version: * ≤ 1.0.235 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-13229",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-13T16:38:33.372785Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-13T16:38:45.626Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Rank Math SEO \u2013 AI SEO Tools to Dominate SEO Rankings",
"vendor": "rankmath",
"versions": [
{
"lessThanOrEqual": "1.0.235",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Craig Smith"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Rank Math SEO \u2013 AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the update_metadata() function in all versions up to, and including, 1.0.235. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete any schema metadata assigned to any post."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-13T04:21:45.803Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5776f689-56dd-413d-b02d-5551b97dd5eb?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/seo-by-rank-math/trunk/includes/rest/class-shared.php#L169"
},
{
"url": "https://rankmath.com/changelog/free/page/2/"
},
{
"url": "https://wordpress.org/plugins/seo-by-rank-math/#developers"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3222905/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-02-12T16:21:30.000+00:00",
"value": "Disclosed"
}
],
"title": "Rank Math SEO \u003c= 1.0.235 - Missing Authorization to Authenticated (Contributor+) Arbitrary Schema Deletion"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-13229",
"datePublished": "2025-02-13T04:21:45.803Z",
"dateReserved": "2025-01-08T21:12:26.126Z",
"dateUpdated": "2025-02-13T16:38:45.626Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32600 (GCVE-0-2023-32600)
Vulnerability from cvelistv5
Published
2023-08-05 23:00
Modified
2024-09-25 16:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Rank Math SEO plugin <= 1.0.119 versions.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rank Math | Rank Math SEO |
Version: n/a < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:18:37.880Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/seo-by-rank-math/wordpress-rank-math-seo-plugin-1-0-119-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32600",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T16:24:59.428524Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T16:52:12.279Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "seo-by-rank-math",
"product": "Rank Math SEO",
"vendor": "Rank Math",
"versions": [
{
"changes": [
{
"at": "1.0.119.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.0.119",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Rafie Muhammad (Patchstack)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Rank Math SEO plugin \u0026lt;=\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;1.0.119 versions.\u003c/span\u003e"
}
],
"value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Rank Math SEO plugin \u003c=\u00a01.0.119 versions."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-05T23:00:33.905Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/seo-by-rank-math/wordpress-rank-math-seo-plugin-1-0-119-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to\u0026nbsp;1.0.119.1 or a higher version."
}
],
"value": "Update to\u00a01.0.119.1 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Rank Math SEO Plugin \u003c= 1.0.119 is vulnerable to Cross Site Scripting (XSS)",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2023-32600",
"datePublished": "2023-08-05T23:00:33.905Z",
"dateReserved": "2023-05-10T11:11:32.951Z",
"dateUpdated": "2024-09-25T16:52:12.279Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-13227 (GCVE-0-2024-13227)
Vulnerability from cvelistv5
Published
2025-02-13 04:21
Modified
2025-02-13 19:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Rank Math API in all versions up to, and including, 1.0.235 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| rankmath | Rank Math SEO – AI SEO Tools to Dominate SEO Rankings |
Version: * ≤ 1.0.235 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-13227",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-13T19:39:57.671831Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-13T19:40:03.999Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Rank Math SEO \u2013 AI SEO Tools to Dominate SEO Rankings",
"vendor": "rankmath",
"versions": [
{
"lessThanOrEqual": "1.0.235",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Craig Smith"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Rank Math SEO \u2013 AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin\u0027s Rank Math API in all versions up to, and including, 1.0.235 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-13T04:21:45.068Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/24df10fb-5143-478e-90f0-27f604ad43ee?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/seo-by-rank-math/trunk/includes/rest/class-shared.php#L257"
},
{
"url": "https://wordpress.org/plugins/seo-by-rank-math/#developers"
},
{
"url": "https://rankmath.com/changelog/free/page/2/"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3222905/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-02-12T16:21:31.000+00:00",
"value": "Disclosed"
}
],
"title": "Rank Math SEO \u2013 AI SEO Tools to Dominate SEO Rankings \u003c= 1.0.235 - Authenticated (Contributor+) Stored Cross-Site Scripting via Rank Math API"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-13227",
"datePublished": "2025-02-13T04:21:45.068Z",
"dateReserved": "2025-01-08T20:20:23.309Z",
"dateUpdated": "2025-02-13T19:40:03.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}