Vulnerabilities and security researches forseo-by-rank-math seo-by-rank-math
Direction: descendingFeb 15, 2025
Rank Math SEO with AI SEO Tools # CVE-2024-13229
- CVE, Research URL
- Home page URL
- Application
- Date
- Feb 13, 2025
- Research Description
- The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the update_metadata() function in all versions up to, and including, 1.0.235. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete any schema metadata assigned to any post.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Rank Math SEO with AI SEO Tools # CVE-2024-13227
- CVE, Research URL
- Home page URL
- Application
- Date
- Feb 13, 2025
- Research Description
- The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Rank Math API in all versions up to, and including, 1.0.235 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Jan 16, 2025
Rank Math SEO with AI SEO Tools # PSC-2024-64547
- PSC, Research URL
- Home page URL
- Application
- Date
- -
- Research Description
- Rank Math SEO is a state-of-the-art plugin designed to simplify and enhance search engine optimization (SEO) for WordPress websites. Its use of artificial intelligence (AI) sets it apart, providing advanced tools to automate and optimize SEO tasks. However, alongside its powerful functionality, it is crucial to assess the plugin’s security practices to ensure safe deployment on websites.
- Affected versions
-
Min -, max -.
- Status
-
SAFE & CERTIFIED
Nov 26, 2024
Rank Math SEO with AI SEO Tools # CVE-2024-11620
- CVE, Research URL
- Home page URL
- Application
- Date
- Nov 28, 2024
- Research Description
- Improper Control of Generation of Code ('Code Injection') vulnerability in Rank Math SEO allows Code Injection.This issue affects Rank Math SEO: from n/a through 1.0.231.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Oct 05, 2024
Rank Math SEO with AI SEO Tools # CVE-2024-9314
- CVE, Research URL
- Home page URL
- Application
- Date
- Oct 05, 2024
- Research Description
- The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.228 via deserialization of untrusted input 'set_redirections' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Rank Math SEO with AI SEO Tools # CVE-2024-9161
- CVE, Research URL
- Home page URL
- Application
- Date
- Oct 05, 2024
- Research Description
- The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'update_metadata' function in all versions up to, and including, 1.0.228. This makes it possible for unauthenticated attackers to insert new and update existing metadata beginning with 'rank_math', and delete arbitrary existing user metadata and term metadata. Deleting existing usermeta can cause a loss of access to the administrator dashboard for any registered users, including Administrators.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Jun 29, 2024
Rank Math SEO with AI SEO Tools # CVE-2024-4627
- CVE, Research URL
- Home page URL
- Application
- Date
- Jul 02, 2024
- Research Description
- The Rank Math SEO WordPress plugin before 1.0.219 does not sanitise and escape some of its settings, which could allow users with access to the General Settings (by default admin, however such access can be given to lower roles via the Role Manager feature of the Rank Math SEO WordPress plugin before 1.0.219) to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Jun 07, 2024
Rank Math SEO with AI SEO Tools # CVE-2023-23888
- CVE, Research URL
- Home page URL
- Application
- Date
- May 17, 2024
- Research Description
- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Rank Math Rank Math SEO allows Path Traversal.This issue affects Rank Math SEO: from n/a through 1.0.107.2.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Rank Math SEO with AI SEO Tools # CVE-2020-11514
- CVE, Research URL
- Home page URL
- Application
- Date
- Apr 07, 2020
- Research Description
- The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to update arbitrary WordPress metadata, including the ability to escalate or revoke administrative privileges for existing users via the unsecured rankmath/v1/updateMeta REST API endpoint.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Rank Math SEO with AI SEO Tools # CVE-2020-11515
- CVE, Research URL
- Home page URL
- Application
- Date
- Apr 07, 2020
- Research Description
- The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to create new URIs (that redirect to an external web site) via the unsecured rankmath/v1/updateRedirection REST API endpoint. In other words, this is not an "Open Redirect" issue; instead, it allows the attacker to create a new URI with an arbitrary name (e.g., the /exampleredirect URI).
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Rank Math SEO with AI SEO Tools # CVE-2019-14786
- CVE, Research URL
- Home page URL
- Application
- Date
- Aug 15, 2019
- Research Description
- The Rank Math SEO plugin 1.0.27 for WordPress allows non-admin users to reset the settings via the wp-admin/admin-post.php reset-cmb parameter.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Rank Math SEO with AI SEO Tools # CVE-2024-3665
- CVE, Research URL
- Home page URL
- Application
- Date
- Apr 23, 2024
- Research Description
- The Rank Math SEO with AI SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's HowTo and FAQ widgets in all versions up to, and including, 1.0.216 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Rank Math SEO with AI SEO Tools # CVE-2024-4335
- CVE, Research URL
- Home page URL
- Application
- Date
- May 14, 2024
- Research Description
- The Rank Math SEO with AI Best SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘textAlign’ parameter in versions up to, and including, 1.0.217 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Rank Math SEO with AI SEO Tools # CVE-2024-4617
- CVE, Research URL
- Home page URL
- Application
- Date
- May 16, 2024
- Research Description
- The Rank Math SEO with AI Best SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in versions up to, and including, 1.0.218 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Rank Math SEO with AI SEO Tools # CVE-2022-36376
- CVE, Research URL
- Home page URL
- Application
- Date
- Sep 09, 2022
- Research Description
- Server-Side Request Forgery (SSRF) vulnerability in Rank Math SEO plugin <= 1.0.95 at WordPress.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Rank Math SEO with AI SEO Tools # CVE-2023-32600
- CVE, Research URL
- Home page URL
- Application
- Date
- Aug 06, 2023
- Research Description
- Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Rank Math SEO plugin <= 1.0.119 versions.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Rank Math SEO with AI SEO Tools # CVE-2024-2536
- CVE, Research URL
- Home page URL
- Application
- Date
- Apr 10, 2024
- Research Description
- The Rank Math SEO with AI SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HowTo block attributes in all versions up to, and including, 1.0.214 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable