Security News > 2020 > April > Critical Flaw in SEO Plugin Exposed Many WordPress Sites to Attacks
A critical vulnerability in the Rank Math SEO plugin for WordPress could allow attackers to lock administrators out of their own websites, WordPress security company Defiant reports.
Meant to help site owners get access to search engine optimization tools that would improve their SEO and attract more traffic, the plugin has over 200,000 installations.
For this feature, the plugin registered a REST-API endpoint, rankmath/v1/updateMeta, but the lack of a permission callback for capability checking exposes it to attacks.
The endpoint uses the update metadata function to delete or update metadata for posts, comments, and terms, but can also update metadata for users, which results in this critical vulnerability.
The user permissions in WordPress are stored in the usermeta table, and the flaw could result in an unauthenticated attacker granting any registered user administrative privileges.
News URL
Related news
- Critical RCE bug in Microsoft Outlook now exploited in attacks (source)
- Critical PostgreSQL bug tied to zero-day attack on US Treasury (source)
- CISA tags critical Ivanti EPM flaws as actively exploited in attacks (source)
- Critical PHP RCE vulnerability mass exploited in new attacks (source)
- Critical RCE flaw in Apache Tomcat actively exploited in attacks (source)
- Critical GitHub Attack (source)
- Critical Cisco Smart Licensing Utility flaws now exploited in attacks (source)
- Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility (source)
- Critical auth bypass bug in CrushFTP now exploited in attacks (source)