Security News > 2020 > April > Critical Flaw in SEO Plugin Exposed Many WordPress Sites to Attacks
A critical vulnerability in the Rank Math SEO plugin for WordPress could allow attackers to lock administrators out of their own websites, WordPress security company Defiant reports.
Meant to help site owners get access to search engine optimization tools that would improve their SEO and attract more traffic, the plugin has over 200,000 installations.
For this feature, the plugin registered a REST-API endpoint, rankmath/v1/updateMeta, but the lack of a permission callback for capability checking exposes it to attacks.
The endpoint uses the update metadata function to delete or update metadata for posts, comments, and terms, but can also update metadata for users, which results in this critical vulnerability.
The user permissions in WordPress are stored in the usermeta table, and the flaw could result in an unauthenticated attacker granting any registered user administrative privileges.
News URL
Related news
- CISA warns of critical Oracle, Mitel flaws exploited in attacks (source)
- Unpatched critical flaws impact Fancy Product Designer WordPress plugin (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- WP3.XYZ malware attacks add rogue admins to 5,000+ WordPress sites (source)
- Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks (source)
- W3 Total Cache plugin flaw exposes 1 million WordPress sites to attacks (source)
- Critical zero-days impact premium WordPress real estate plugins (source)
- Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) (source)
- Critical RCE bug in Microsoft Outlook now exploited in attacks (source)
- Critical PostgreSQL bug tied to zero-day attack on US Treasury (source)