Security News > 2020 > April > Critical Flaw in SEO Plugin Exposed Many WordPress Sites to Attacks
A critical vulnerability in the Rank Math SEO plugin for WordPress could allow attackers to lock administrators out of their own websites, WordPress security company Defiant reports.
Meant to help site owners get access to search engine optimization tools that would improve their SEO and attract more traffic, the plugin has over 200,000 installations.
For this feature, the plugin registered a REST-API endpoint, rankmath/v1/updateMeta, but the lack of a permission callback for capability checking exposes it to attacks.
The endpoint uses the update metadata function to delete or update metadata for posts, comments, and terms, but can also update metadata for users, which results in this critical vulnerability.
The user permissions in WordPress are stored in the usermeta table, and the flaw could result in an unauthenticated attacker granting any registered user administrative privileges.
News URL
Related news
- Critical Flaws in Tank Gauge Systems Expose Gas Stations to Remote Attacks (source)
- Researchers Warn of Ongoing Attacks Exploiting Critical Zimbra Postjournal Flaw (source)
- Critical Ivanti RCE flaw with public exploit now used in attacks (source)
- WordPress LiteSpeed Cache Plugin Security Flaw Exposes Sites to XSS Attacks (source)
- CISA says critical Fortinet RCE flaw now exploited in attacks (source)
- Fortinet warns of new critical FortiManager flaw used in zero-day attacks (source)
- FortiManager critical vulnerability under active attack (source)
- CISA warns of critical Palo Alto Networks bug exploited in attacks (source)
- Critical Veeam RCE bug now used in Frag ransomware attacks (source)
- Critical bug in EoL D-Link NAS devices now exploited in attacks (source)