What is the Vulnerability?
The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized modification of plugin settings. The cause is a missing capability check on the update_site_editor_homepage function in all versions up to, and including, 1.0.271: the code that writes the settings never verifies that the requester holds a capability an administrator would have (the check WordPress exposes as current_user_can()), so the write path is reachable by anyone who can send the request.
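The following is an added example and is not Rank Math's code. It shows the bug class in a hypothetical plugin (the `acme_seo_*` names, the `acme-seo/v1` route and the `acme_seo_settings` option are all invented for illustration): a WordPress REST endpoint that writes homepage SEO settings, registered once without any authorization and once with a capability check. The settings writer itself is identical in both variants; only the `permission_callback` differs.

```php
<?php
// Added example, not code from the Rank Math plugin. Everything prefixed
// acme_seo_ is a hypothetical plugin used to illustrate a missing
// capability check on a settings-writing endpoint.

// Settings writer shared by both route registrations below. It only
// accepts a fixed allow-list of keys and sanitizes each value.
function acme_seo_update_homepage( WP_REST_Request $request ): WP_REST_Response {
    $allowed  = array( 'homepage_title', 'homepage_description', 'breadcrumbs_label' );
    $settings = (array) get_option( 'acme_seo_settings', array() );

    foreach ( $allowed as $key ) {
        if ( $request->has_param( $key ) ) {
            $settings[ $key ] = sanitize_text_field( (string) $request->get_param( $key ) );
        }
    }

    update_option( 'acme_seo_settings', $settings );

    return new WP_REST_Response( array( 'updated' => true ), 200 );
}

// VULNERABLE registration: permission_callback => '__return_true' tells
// the REST API that no authentication or capability is required. Any
// visitor who can reach /wp-json/acme-seo/v1/homepage can overwrite the
// site's homepage title, description and breadcrumb label.
function acme_seo_register_routes_vulnerable(): void {
    register_rest_route( 'acme-seo/v1', '/homepage', array(
        'methods'             => WP_REST_Server::EDITABLE,
        'callback'            => 'acme_seo_update_homepage',
        'permission_callback' => '__return_true',
    ) );
}

// FIXED registration: the permission callback requires the manage_options
// capability, which only administrators hold by default. WordPress's own
// cookie + X-WP-Nonce handling establishes who the current user is; this
// callback decides whether that user may change site-wide settings.
function acme_seo_register_routes_fixed(): void {
    register_rest_route( 'acme-seo/v1', '/homepage', array(
        'methods'             => WP_REST_Server::EDITABLE,
        'callback'            => 'acme_seo_update_homepage',
        'permission_callback' => function ( WP_REST_Request $request ) {
            if ( ! current_user_can( 'manage_options' ) ) {
                // 401 for anonymous callers, 403 for logged-in users
                // without the capability.
                return new WP_Error(
                    'rest_forbidden',
                    'You are not allowed to change SEO settings.',
                    array( 'status' => rest_authorization_required_code() )
                );
            }
            return true;
        },
        // Declare and sanitize the accepted parameters at the route level too.
        'args' => array(
            'homepage_title'       => array( 'type' => 'string', 'sanitize_callback' => 'sanitize_text_field' ),
            'homepage_description' => array( 'type' => 'string', 'sanitize_callback' => 'sanitize_text_field' ),
            'breadcrumbs_label'    => array( 'type' => 'string', 'sanitize_callback' => 'sanitize_text_field' ),
        ),
    ) );
}

// Only the fixed variant should ever be hooked in a real plugin.
add_action( 'rest_api_init', 'acme_seo_register_routes_fixed' );
```

The same rule applies to admin-ajax.php handlers: a check_ajax_referer() nonce check only proves the request came from a page WordPress rendered for the current session, it does not establish that the session is allowed to change settings, so it must always be paired with a current_user_can() check. Registering a handler under the wp_ajax_nopriv_ prefix, or a REST route with a permissive permission callback, exposes it to unauthenticated visitors exactly as described above.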
Impact of the Vulnerability
This vulnerability makes it possible for unauthenticated attackers to modify several plugin settings, including the homepage title, meta description, breadcrumbs label, and social media metadata. Because these values are rendered into the HTML of the site's pages, the impact can be severe: search rankings can be damaged by attacker-chosen titles and descriptions, and attacker-controlled text can be displayed across every page where breadcrumbs are used.
Understanding the CVSS Severity Score
The CVSS (Common Vulnerability Scoring System) severity score for this vulnerability is 5.3, which is classified as MEDIUM. The CVSS vector string for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N. This indicates that the vulnerability can be exploited over the network (AV:N) with low attack complexity (AC:L), requiring no privileges (PR:N) or user interaction (UI:N), and that it has a low impact on integrity (I:L) with no confidentiality or availability impact and no change of scope (S:U). The integrity impact is rated low because the attacker can change a limited set of settings rather than arbitrary data or code, which is what keeps the score in the MEDIUM band despite the unauthenticated, network-reachable attack path.
Mitigation and Prevention
To mitigate this vulnerability, users of the Rank Math SEO plugin should update to a version later than 1.0.271, which is the last affected release. Confirm the installed version from the Plugins screen or with WP-CLI (`wp plugin list`) rather than assuming auto-updates ran. Updating closes the write path but does not undo changes an attacker may already have made, so after updating, review the homepage title, meta description, breadcrumbs label, and social media metadata settings for tampering and restore them if needed. More generally, website administrators should keep plugins and themes updated promptly, since missing capability checks like this one are trivially exploitable once public.