Vulnerabilities and security researches forseo-local-rank seo-local-rank

Jun 07, 2024

CVE, Research URL: CVE-2021-39312
Home page URL: Security reports for True Ranker
Application: True Ranker
Date: Dec 14, 2021
Research Description: The True Ranker plugin <= 2.2.2 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be accessed via the src parameter found in the ~/admin/vendor/datatables/examples/resources/examples.php file.
Affected versions: max 2.2.4.
Status: vulnerable

Apr 16, 2026

CVE, Research URL: CVE-2026-1085
Home page URL: Security reports for True Ranker
Application: True Ranker
Date: Mar 07, 2026
Research Description: The True Ranker plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.9. This is due to missing nonce validation on the seolocalrank-signout action. This makes it possible for unauthenticated attackers to disconnect the administrator's True Ranker account via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions: max 2.2.9.
Status: vulnerable