Critical Flaw in SEO Plugin Exposed Many WordPress Sites to Attacks (Security News, April 2020)
A critical vulnerability in the Rank Math SEO plugin for WordPress could allow attackers to lock administrators out of their own websites, WordPress security company Defiant reports.
The plugin, which has over 200,000 installations, is meant to give site owners search engine optimization tools that improve their search ranking and attract more traffic.
The plugin registered a REST API endpoint, rankmath/v1/updateMeta, for one of these features, but the route had no permission callback to check the caller's capabilities, which exposed it to attacks.
The endpoint calls the WordPress update_metadata() function to delete or update metadata for posts, comments, and terms, but the same function can also update metadata for users, which is what makes this vulnerability critical.
WordPress stores user permissions in the usermeta table, so the flaw could allow an unauthenticated attacker to grant any registered user administrative privileges.
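The pattern behind this class of bug, as an added illustration that is not Rank Math's code and not taken from the Defiant report: a REST route registered without a permission_callback, next to a hardened version of the same route, plus a small audit helper that lists routes whose handlers have no permission callback at all. The namespace (example-seo/v1), route names, parameter names and the allow-listed meta keys are hypothetical; the WordPress functions used (register_rest_route, update_metadata, delete_metadata, current_user_can, rest_get_server) are real core APIs.

```php
<?php
// Added illustration (not the plugin's code). Namespace, route and parameter
// names are hypothetical; the WordPress functions are real core APIs.

// --- Vulnerable pattern: no permission_callback, meta type taken from the request ---
add_action( 'rest_api_init', function () {
    register_rest_route( 'example-seo/v1', '/updateMeta', array(
        'methods'  => 'POST',
        'callback' => 'example_seo_update_meta_unchecked',
        // No 'permission_callback': WordPress runs the callback for any caller,
        // logged in or not. Nothing here checks who is asking.
    ) );
} );

function example_seo_update_meta_unchecked( WP_REST_Request $request ) {
    $object_type = $request->get_param( 'objectType' ); // post, comment, term ... or user
    $object_id   = (int) $request->get_param( 'objectID' );
    $meta        = (array) $request->get_param( 'meta' );

    foreach ( $meta as $key => $value ) {
        // update_metadata() accepts 'user' as a type, so this single call can
        // write rows in wp_usermeta, the table that holds role assignments.
        update_metadata( $object_type, $object_id, $key, $value );
    }
    return rest_ensure_response( array( 'updated' => array_keys( $meta ) ) );
}

// --- Hardened pattern: capability check plus allow-lists for type and key ---
add_action( 'rest_api_init', function () {
    register_rest_route( 'example-seo/v1', '/updateMetaSafe', array(
        'methods'             => 'POST',
        'callback'            => 'example_seo_update_meta_checked',
        'permission_callback' => 'example_seo_can_edit_object',
        'args'                => array(
            'objectType' => array(
                'required'          => true,
                // 'user' is deliberately absent from the accepted types.
                'validate_callback' => function ( $value ) {
                    return in_array( $value, array( 'post', 'comment', 'term' ), true );
                },
            ),
            'objectID' => array(
                'required'          => true,
                'validate_callback' => function ( $value ) {
                    return is_numeric( $value ) && (int) $value > 0;
                },
            ),
            'meta' => array( 'required' => true ),
        ),
    ) );
} );

// Runs before the main callback; the route is refused unless the current
// user may edit that specific object. Unknown types are refused outright.
function example_seo_can_edit_object( WP_REST_Request $request ) {
    $object_id = (int) $request->get_param( 'objectID' );
    switch ( $request->get_param( 'objectType' ) ) {
        case 'post':
            return current_user_can( 'edit_post', $object_id );
        case 'comment':
            return current_user_can( 'edit_comment', $object_id );
        case 'term':
            return current_user_can( 'edit_term', $object_id );
        default:
            return false;
    }
}

function example_seo_update_meta_checked( WP_REST_Request $request ) {
    $object_type  = $request->get_param( 'objectType' );
    $object_id    = (int) $request->get_param( 'objectID' );
    $meta         = (array) $request->get_param( 'meta' );
    $allowed_keys = array( 'seo_title', 'seo_description' ); // hypothetical plugin fields
    $updated      = array();

    foreach ( $meta as $key => $value ) {
        $key = sanitize_key( $key );
        if ( ! in_array( $key, $allowed_keys, true ) ) {
            continue; // only the plugin's own fields are writable, never arbitrary keys
        }
        if ( null === $value || '' === $value ) {
            delete_metadata( $object_type, $object_id, $key );
        } else {
            update_metadata( $object_type, $object_id, $key, sanitize_text_field( $value ) );
        }
        $updated[] = $key;
    }
    return rest_ensure_response( array( 'updated' => $updated ) );
}

// --- Audit helper: routes whose handlers declare no permission_callback ---
function example_seo_audit_unguarded_routes() {
    $unguarded = array();
    foreach ( rest_get_server()->get_routes() as $route => $handlers ) {
        foreach ( $handlers as $handler ) {
            if ( empty( $handler['permission_callback'] ) ) {
                $unguarded[] = $route;
            }
        }
    }
    return array_unique( $unguarded );
}
```

The hardened route makes two separate decisions: the permission callback answers "may this user edit this object?" using WordPress meta capabilities, and the argument validation plus key allow-list answers "is this a write the plugin ever intended?". Either one alone would have blocked the usermeta write described above; together they also stop an authorised editor from writing unrelated keys. The audit helper is meant to be run from a logged-in admin context (for example via WP-CLI's `wp eval`) after all plugins have loaded; routes that intentionally allow anonymous access in core declare `'permission_callback' => '__return_true'` and so will not appear in its output, which keeps the list focused on routes that simply forgot the check. Since WordPress 5.5, registering a route with no permission_callback also emits a _doing_it_wrong notice, which is worth surfacing in staging logs.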