Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:CTS:RNKMTH-WRDPRS-SEO-ACW |
|---|---|
Severity |
Major |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Rank Math Wordpress SEO Plugin updateMeta REST Endpoint Access Control Weakness |
Release Date |
2020/04/20 |
Update Number |
3273 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: Rank Math Wordpress SEO Plugin updateMeta REST Endpoint Access Control Weakness
This signature detects attempts to exploit a known vulnerability against Wordpress SEO Plugin by Rank Math. A successful attack can lead to security bypass.
Extended Description
The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to update arbitrary WordPress metadata, including the ability to escalate or revoke administrative privileges for existing users via the unsecured rankmath/v1/updateMeta REST API endpoint.
Affected Products
- Rankmath rankmath 1.0.40.2
References
- CVE: CVE-2020-11514