Short Name |
HTTP:CTS:RNKMTH-WRDPRS-SEO-ACW |
---|---|
Severity |
Major |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Rank Math Wordpress SEO Plugin updateMeta REST Endpoint Access Control Weakness |
Release Date |
2020/04/20 |
Update Number |
3273 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability against Wordpress SEO Plugin by Rank Math. A successful attack can lead to security bypass.
The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to update arbitrary WordPress metadata, including the ability to escalate or revoke administrative privileges for existing users via the unsecured rankmath/v1/updateMeta REST API endpoint.