Vulnerabilities and security researches forseo-by-rank-math seo-by-rank-math

Direction: ascending

Jun 07, 2024

Rank Math SEO with AI SEO Tools # CVE-2023-23888

CVE, Research URL: CVE-2023-23888
Home page URL: Security reports for Rank Math SEO with AI SEO Tools
Application: Rank Math SEO with AI SEO Tools
Date: May 17, 2024
Research Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Rank Math Rank Math SEO allows Path Traversal.This issue affects Rank Math SEO: from n/a through 1.0.107.2.
Affected versions: max 1.0.119.1.
Status: vulnerable

Rank Math SEO with AI SEO Tools # CVE-2020-11514

CVE, Research URL: CVE-2020-11514
Home page URL: Security reports for Rank Math SEO with AI SEO Tools
Application: Rank Math SEO with AI SEO Tools
Date: Apr 07, 2020
Research Description: The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to update arbitrary WordPress metadata, including the ability to escalate or revoke administrative privileges for existing users via the unsecured rankmath/v1/updateMeta REST API endpoint.
Affected versions: max 1.0.0.41.
Status: vulnerable

Rank Math SEO with AI SEO Tools # CVE-2020-11515

CVE, Research URL: CVE-2020-11515
Home page URL: Security reports for Rank Math SEO with AI SEO Tools
Application: Rank Math SEO with AI SEO Tools
Date: Apr 07, 2020
Research Description: The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to create new URIs (that redirect to an external web site) via the unsecured rankmath/v1/updateRedirection REST API endpoint. In other words, this is not an "Open Redirect" issue; instead, it allows the attacker to create a new URI with an arbitrary name (e.g., the /exampleredirect URI).
Affected versions: max 1.0.0.41.
Status: vulnerable

Rank Math SEO with AI SEO Tools # CVE-2019-14786

CVE, Research URL: CVE-2019-14786
Home page URL: Security reports for Rank Math SEO with AI SEO Tools
Application: Rank Math SEO with AI SEO Tools
Date: Aug 15, 2019
Research Description: The Rank Math SEO plugin 1.0.27 for WordPress allows non-admin users to reset the settings via the wp-admin/admin-post.php reset-cmb parameter.
Affected versions: max 1.0.27.1.
Status: vulnerable

Rank Math SEO with AI SEO Tools # CVE-2024-3665

CVE, Research URL: CVE-2024-3665
Home page URL: Security reports for Rank Math SEO with AI SEO Tools
Application: Rank Math SEO with AI SEO Tools
Date: Apr 23, 2024
Research Description: The Rank Math SEO with AI SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's HowTo and FAQ widgets in all versions up to, and including, 1.0.216 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 1.0.217.
Status: vulnerable

Rank Math SEO with AI SEO Tools # CVE-2024-4335

CVE, Research URL: CVE-2024-4335
Home page URL: Security reports for Rank Math SEO with AI SEO Tools
Application: Rank Math SEO with AI SEO Tools
Date: May 14, 2024
Research Description: The Rank Math SEO with AI Best SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘textAlign’ parameter in versions up to, and including, 1.0.217 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 1.0.218.
Status: vulnerable

Rank Math SEO with AI SEO Tools # CVE-2024-4617

CVE, Research URL: CVE-2024-4617
Home page URL: Security reports for Rank Math SEO with AI SEO Tools
Application: Rank Math SEO with AI SEO Tools
Date: May 16, 2024
Research Description: The Rank Math SEO with AI Best SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in versions up to, and including, 1.0.218 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 1.0.219.
Status: vulnerable

Rank Math SEO with AI SEO Tools # CVE-2022-36376

CVE, Research URL: CVE-2022-36376
Home page URL: Security reports for Rank Math SEO with AI SEO Tools
Application: Rank Math SEO with AI SEO Tools
Date: Sep 09, 2022
Research Description: Server-Side Request Forgery (SSRF) vulnerability in Rank Math SEO plugin <= 1.0.95 at WordPress.
Affected versions: max 1.0.95.1.
Status: vulnerable

Rank Math SEO with AI SEO Tools # CVE-2023-32600

CVE, Research URL: CVE-2023-32600
Home page URL: Security reports for Rank Math SEO with AI SEO Tools
Application: Rank Math SEO with AI SEO Tools
Date: Aug 06, 2023
Research Description: Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Rank Math SEO plugin <= 1.0.119 versions.
Affected versions: max 1.0.119.1.
Status: vulnerable

Rank Math SEO with AI SEO Tools # CVE-2024-2536

CVE, Research URL: CVE-2024-2536
Home page URL: Security reports for Rank Math SEO with AI SEO Tools
Application: Rank Math SEO with AI SEO Tools
Date: Apr 10, 2024
Research Description: The Rank Math SEO with AI SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HowTo block attributes in all versions up to, and including, 1.0.214 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 1.0.215.
Status: vulnerable

Jun 29, 2024

Rank Math SEO with AI SEO Tools # CVE-2024-4627

CVE, Research URL: CVE-2024-4627
Home page URL: Security reports for Rank Math SEO with AI SEO Tools
Application: Rank Math SEO with AI SEO Tools
Date: Jul 02, 2024
Research Description: The Rank Math SEO WordPress plugin before 1.0.219 does not sanitise and escape some of its settings, which could allow users with access to the General Settings (by default admin, however such access can be given to lower roles via the Role Manager feature of the Rank Math SEO WordPress plugin before 1.0.219) to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Affected versions: max 1.0.219.
Status: vulnerable

Oct 05, 2024

Rank Math SEO with AI SEO Tools # CVE-2024-9314

CVE, Research URL: CVE-2024-9314
Home page URL: Security reports for Rank Math SEO with AI SEO Tools
Application: Rank Math SEO with AI SEO Tools
Date: Oct 05, 2024
Research Description: The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.228 via deserialization of untrusted input 'set_redirections' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
Affected versions: max 1.0.229.
Status: vulnerable

Rank Math SEO with AI SEO Tools # CVE-2024-9161

CVE, Research URL: CVE-2024-9161
Home page URL: Security reports for Rank Math SEO with AI SEO Tools
Application: Rank Math SEO with AI SEO Tools
Date: Oct 05, 2024
Research Description: The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'update_metadata' function in all versions up to, and including, 1.0.228. This makes it possible for unauthenticated attackers to insert new and update existing metadata beginning with 'rank_math', and delete arbitrary existing user metadata and term metadata. Deleting existing usermeta can cause a loss of access to the administrator dashboard for any registered users, including Administrators.
Affected versions: max 1.0.229.
Status: vulnerable

Nov 26, 2024

Rank Math SEO with AI SEO Tools # CVE-2024-11620

CVE, Research URL: CVE-2024-11620
Home page URL: Security reports for Rank Math SEO with AI SEO Tools
Application: Rank Math SEO with AI SEO Tools
Date: Nov 28, 2024
Research Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Rank Math SEO Rank Math SEO seo-by-rank-math allows Code Injection.This issue affects Rank Math SEO: from n/a through <= 1.0.231.
Affected versions: max 1.0.232.
Status: vulnerable

Jan 16, 2025

Rank Math SEO with AI SEO Tools # PSC-2024-64547

PSC, Research URL: PSC-2024-64547
Home page URL: Security reports for Rank Math SEO with AI SEO Tools
Application: Rank Math SEO with AI SEO Tools
Date: Apr 15, 2025
Research Description: Rank Math SEO is a state-of-the-art plugin designed to simplify and enhance search engine optimization (SEO) for WordPress websites. Its use of artificial intelligence (AI) sets it apart, providing advanced tools to automate and optimize SEO tasks. However, alongside its powerful functionality, it is crucial to assess the plugin’s security practices to ensure safe deployment on websites.
Affected versions: Min 1.0.271.1, max 1.0.271.1.
Status: SAFE & CERTIFIED

Feb 15, 2025

Rank Math SEO with AI SEO Tools # CVE-2024-13229

CVE, Research URL: CVE-2024-13229
Home page URL: Security reports for Rank Math SEO with AI SEO Tools
Application: Rank Math SEO with AI SEO Tools
Date: Feb 13, 2025
Research Description: The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the update_metadata() function in all versions up to, and including, 1.0.235. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete any schema metadata assigned to any post.
Affected versions: max 1.0.236.
Status: vulnerable

Rank Math SEO with AI SEO Tools # CVE-2024-13227

CVE, Research URL: CVE-2024-13227
Home page URL: Security reports for Rank Math SEO with AI SEO Tools
Application: Rank Math SEO with AI SEO Tools
Date: Feb 13, 2025
Research Description: The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Rank Math API in all versions up to, and including, 1.0.235 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 1.0.236.
Status: vulnerable

Dec 09, 2025

Rank Math SEO with AI SEO Tools # CVE-2025-64350

CVE, Research URL: CVE-2025-64350
Home page URL: Security reports for Rank Math SEO with AI SEO Tools
Application: Rank Math SEO with AI SEO Tools
Date: Oct 31, 2025
Research Description: Missing Authorization vulnerability in Rank Math SEO Rank Math SEO seo-by-rank-math allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rank Math SEO: from n/a through <= 1.0.252.1.
Affected versions: max 1.0.253.
Status: vulnerable

Rank Math SEO with AI SEO Tools # CVE-2025-64351

CVE, Research URL: CVE-2025-64351
Home page URL: Security reports for Rank Math SEO with AI SEO Tools
Application: Rank Math SEO with AI SEO Tools
Date: Oct 31, 2025
Research Description: Insertion of Sensitive Information Into Sent Data vulnerability in Rank Math SEO Rank Math SEO seo-by-rank-math allows Retrieve Embedded Sensitive Data.This issue affects Rank Math SEO: from n/a through <= 1.0.252.1.
Affected versions: max 1.0.253.
Status: vulnerable

May 29, 2026

Rank Math SEO with AI SEO Tools # CVE-2025-12714

CVE, Research URL: CVE-2025-12714
Home page URL: Security reports for Rank Math SEO with AI SEO Tools
Application: Rank Math SEO with AI SEO Tools
Date: May 29, 2026
Research Description: The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the update_site_editor_homepage function in all versions up to, and including, 1.0.271. This makes it possible for unauthenticated attackers to modify several plugin settings including homepage title, meta description, breadcrumbs label, and social media metadata, which can have severe impact on SEO rankings and display malicious content across all site pages where breadcrumbs are used.
Affected versions: max 1.0.271.1.
Status: vulnerable

Jun 09, 2026

Rank Math SEO with AI SEO Tools # CVE-2026-34892

CVE, Research URL: CVE-2026-34892
Home page URL: Security reports for Rank Math SEO with AI SEO Tools
Application: Rank Math SEO with AI SEO Tools
Date: Jun 16, 2026
Research Description: Subscriber Broken Access Control in Rank Math SEO <= 1.0.271 versions.
Affected versions: max 1.0.271.1.
Status: vulnerable

Jun 16, 2026

Rank Math SEO with AI SEO Tools # d29ac46a080cb84b3bde03689d3535b333b0a2ca

CVE, Research URL: d29ac46a080cb84b3bde03689d3535b333b0a2ca
Home page URL: Security reports for Rank Math SEO with AI SEO Tools
Application: Rank Math SEO with AI SEO Tools
Date: Jun 18, 2019
Research Description: Rank Math SEO – AI SEO Tools to Dominate SEO Rankings [seo-by-rank-math] < 1.0.27 Rank Math SEO <= 1.0.26 - Cross-Site Scripting The Rank Math SEO is vulnerable to Cross-Site Scripting via several parameters in versions up to, and including 1.0.26.
Affected versions: max 1.0.27.
Status: vulnerable

Rank Math SEO with AI SEO Tools # b890e2d32060f28d5bf5081382f42be4b9d49d72

CVE, Research URL: b890e2d32060f28d5bf5081382f42be4b9d49d72
Home page URL: Security reports for Rank Math SEO with AI SEO Tools
Application: Rank Math SEO with AI SEO Tools
Date: Jul 17, 2023
Research Description: Rank Math SEO – AI SEO Tools to Dominate SEO Rankings [seo-by-rank-math] < 1.0.119.1 Rank Math SEO <= 1.0.119 - Authenticated (Contributor+) Stored Cross-Site Scripting The Rank Math SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 1.0.119 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 1.0.119.1.
Status: vulnerable

Rank Math SEO with AI SEO Tools # 30d6ce716f6e553927a3dde4415b922f806c0cc4

CVE, Research URL: 30d6ce716f6e553927a3dde4415b922f806c0cc4
Home page URL: Security reports for Rank Math SEO with AI SEO Tools
Application: Rank Math SEO with AI SEO Tools
Date: Jun 25, 2019
Research Description: Rank Math SEO – AI SEO Tools to Dominate SEO Rankings [seo-by-rank-math] < 1.0.27.1 WordPress SEO By Rank Math plugin <= 1.0.27 - Authenticated Settings Reset vulnerability Authenticated Settings Reset vulnerability found in WordPress SEO By Rank Math plugin (versions <= 1.0.27).
Affected versions: max 1.0.27.1.
Status: vulnerable

Rank Math SEO with AI SEO Tools # 530de2b3-d5eb-43e3-8b62-451726af8ce9

CVE, Research URL: 530de2b3-d5eb-43e3-8b62-451726af8ce9
Home page URL: Security reports for Rank Math SEO with AI SEO Tools
Application: Rank Math SEO with AI SEO Tools
Date: -
Research Description: Rank Math SEO – AI SEO Tools to Dominate SEO Rankings [seo-by-rank-math] < 1.0.27 Seo by Rank Math <= 1.0.26 - XSS Issues The changelog file states "Added some important security fixes", and various variables can be found being HTML escaped in the code changes.
Affected versions: max 1.0.27.
Status: vulnerable

Rank Math SEO with AI SEO Tools # 70920f607d8f198be39c3b0a39139c2b6ebf783c

CVE, Research URL: 70920f607d8f198be39c3b0a39139c2b6ebf783c
Home page URL: Security reports for Rank Math SEO with AI SEO Tools
Application: Rank Math SEO with AI SEO Tools
Date: Jan 30, 2023
Research Description: Rank Math SEO – AI SEO Tools to Dominate SEO Rankings [seo-by-rank-math] < 1.0.107.3 RankMath SEO <= 1.0.107.2 - Authenticated (Contributor+) Local File Inclusion The RankMath SEO plugin for WordPress is vulnerable to Local File Inclusion via the 'update_schemas' and 'get_snippet_content' functions. This allows authenticated attackers, with contributor-level permissions and above, to include and execute arbitrary PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls or obtain sensitive data.
Affected versions: max 1.0.107.3.
Status: vulnerable

Rank Math SEO with AI SEO Tools # 4ae1d70f73a964b8a5f9fd4ba0b32e842cb23e31

CVE, Research URL: 4ae1d70f73a964b8a5f9fd4ba0b32e842cb23e31
Home page URL: Security reports for Rank Math SEO with AI SEO Tools
Application: Rank Math SEO with AI SEO Tools
Date: Apr 18, 2020
Research Description: Rank Math SEO – AI SEO Tools to Dominate SEO Rankings [seo-by-rank-math] < 1.0.42.2 Rank Math SEO <= 1.0.42.1 - Missing Authorization The Rank Math SEO plugin for WordPress is vulnerable to authorization bypass due to missing access controls on its "disable competitor plugins" functionality in versions up to, and including, 1.0.42.1. This makes it possible for subscriber-level attackers to disable other SEO or sitemap plugins on the site.
Affected versions: max 1.0.42.2.
Status: vulnerable

Rank Math SEO with AI SEO Tools # 4f92af29-b9af-4786-9b29-373aba7de0c2

CVE, Research URL: 4f92af29-b9af-4786-9b29-373aba7de0c2
Home page URL: Security reports for Rank Math SEO with AI SEO Tools
Application: Rank Math SEO with AI SEO Tools
Date: -
Research Description: Rank Math SEO – AI SEO Tools to Dominate SEO Rankings [seo-by-rank-math] < 1.0.42.2 Rank Math 0.9~1.0.42.1 - Authenticated Missing Access Controls to Disable Competitor Plugins Missing access controls on the GET requests to deactivate competitors' plugins. This could allow any authenticated users (such as subscribers) to deactivate the SEO and Sitemap plugins from competitors. The attack could also be performed via CSRF.
Affected versions: max 1.0.42.2.
Status: vulnerable

Rank Math SEO with AI SEO Tools # 379140fba1759d06e55d8e7478e5511caeefecf3

CVE, Research URL: 379140fba1759d06e55d8e7478e5511caeefecf3
Home page URL: Security reports for Rank Math SEO with AI SEO Tools
Application: Rank Math SEO with AI SEO Tools
Date: Jun 18, 2019
Research Description: Rank Math SEO – AI SEO Tools to Dominate SEO Rankings [seo-by-rank-math] < 1.0.27 WordPress SEO by Rank Math plugin <= 1.0.26 - Cross-Site Scripting (XSS) vulnerabilities Cross-Site Scripting (XSS) vulnerabilities found in WordPress SEO by Rank Math (versions <= 1.0.26).
Affected versions: max 1.0.27.
Status: vulnerable