Lucene search
+L

29 matches found

vulncheck_kev
vulncheck_kev
added 2024/10/25 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-9161

The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'updatemetadata' function in all versions up to, and including, 1.0.228. This makes it possible for...

6.5CVSS5.8AI score0.02131EPSS
Exploits0References1
osv
osv
added 2024/10/05 12:15 p.m.6 views

CVE-2024-9161

The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'updatemetadata' function in all versions up to, and including, 1.0.228. This makes it possible for unauthenticated...

6.5CVSS5.9AI score0.02131EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2024/10/05 12:0 a.m.8 views

PT-2024-39463 · WordPress · Rank Math Seo

Name of the Vulnerable Software and Affected Versions: Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress versions up to, and including, 1.0.228 Description: The issue is caused by a missing capability check on the update metadata function, allowing unauthenticated attacke...

6.5CVSS7.4AI score0.02131EPSS
Exploits0References14
redhat
redhat
added 2020/12/15 5:7 p.m.6 views

keycloak: Account REST API can update user metadata attributes

A flaw was found in Keycloak before version 12.0.0 where it is possible to update the user's metadata attributes using Account REST API. This flaw allows an attacker to change its own NameID attribute to impersonate the admin user for any particular application...

4.9CVSS5.7AI score0.00572EPSS
Exploits0References4
osv
osv
added 2020/04/07 5:15 p.m.5 views

CVE-2020-11514

The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to update arbitrary WordPress metadata, including the ability to escalate or revoke administrative privileges for existing users via the unsecured rankmath/v1/updateMeta REST API endpoint...

9.8CVSS7.4AI score0.09106EPSS
Exploits2References3
prion
prion
added 2020/04/07 5:15 p.m.23 views

Code injection

The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to update arbitrary WordPress metadata, including the ability to escalate or revoke administrative privileges for existing users via the unsecured rankmath/v1/updateMeta REST API endpoint...

7.5CVSS9.7AI score0.09106EPSS
Exploits2References3Affected Software1
euvd
euvd
added 2020/04/07 4:50 p.m.9 views

EUVD-2020-3867

The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to update arbitrary WordPress metadata, including the ability to escalate or revoke administrative privileges for existing users via the unsecured rankmath/v1/updateMeta REST API endpoint...

9.8CVSS9.7AI score0.09106EPSS
Exploits2References3
wpexploit
wpexploit
added 2020/03/31 12:0 a.m.244 views

WordPress SEO Plugin - Rank Math < 1.0.41 - Privilege Escalation via Unprotected REST API Endpoint

This plugin registered a REST-API endpoint, rankmath/v1/updateMeta, which failed to include a permissioncallback used for capability checking. The endpoint called a function, updatemetadata which could be used to update the slug on existing posts, or could be used to delete or update metadata for...

7.5CVSS0.6AI score0.09106EPSS
Exploits2References1
osv
osv
added 2019/04/09 6:29 p.m.2 views

CVE-2017-17023

The Sophos UTM VPN endpoint interacts with client software provided by NPC Engineering www.ncp-e.com. The affected client software, "Sophos IPSec Client" 11.04 is a rebranded version of NCP "Secure Entry Client" 10.11 r32792. A vulnerability in the software update feature of the VPN client allows...

8.1CVSS5.9AI score0.00611EPSS
Exploits0References2
Rows per page
Query Builder