WordPress Rank Math SEO Plugin <= 1.0.228 is vulnerable to Broken Access Control

Software Rank Math SEO Type Plugin Vulnerable versions = 1.0.228 Fixed in 1.0.229 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-9161 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID ca30124e345e Credits Leo Required privilege...

CVE-2024-9314

The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.228 via deserialization of untrusted input 'setredirections' function. This makes it possible for authenticated attackers, with...

CVE-2024-9314

The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.228 via deserialization of untrusted input 'setredirections' function. This makes it possible for authenticated attackers, with...

CVE-2024-9161

The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'updatemetadata' function in all versions up to, and including, 1.0.228. This makes it possible for unauthenticated...

CVE-2024-9314 Rank Math SEO – AI SEO Tools to Dominate SEO Rankings <= 1.0.228 - Authenticated (Administrator+) PHP Object Injection

The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.228 via deserialization of untrusted input 'setredirections' function. This makes it possible for authenticated attackers, with...

CVE-2024-9314 Rank Math SEO – AI SEO Tools to Dominate SEO Rankings <= 1.0.228 - Authenticated (Administrator+) PHP Object Injection

The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.228 via deserialization of untrusted input 'setredirections' function. This makes it possible for authenticated attackers, with...

CVE-2024-9314

Rank Math SEO – AI Tools to Dominate SEO Rankings (WordPress) is affected by CVE-2024-9314: authenticated administrators can deserialise untrusted input via the set_redirections path, enabling PHP Object Injection in versions up to and including 1.0.228. The vulnerability description notes that n...

CVE-2024-9161 Rank Math SEO – AI SEO Tools to Dominate SEO Rankings <= 1.0.228 - Missing Authorization to Unauthenticated User and Term Metadata Insert, Update, and Delete

The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'updatemetadata' function in all versions up to, and including, 1.0.228. This makes it possible for unauthenticated...

CVE-2024-9161

The CVE-2024-9161 entry affects the WordPress plugin Rank Math SEO – AI SEO Tools to Dominate SEO Rankings (versions up to 1.0.228). The root cause is a missing capability check in the function update_metadata , which allows unauthenticated users to insert, update, or delete metadata (including u...

CVE-2024-9161 Rank Math SEO – AI SEO Tools to Dominate SEO Rankings <= 1.0.228 - Missing Authorization to Unauthenticated User and Term Metadata Insert, Update, and Delete

The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'updatemetadata' function in all versions up to, and including, 1.0.228. This makes it possible for unauthenticated...

WordPress plugin Rank Math SEO 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress plugin Rank Math SEO 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...

PT-2024-39463 · WordPress · Rank Math Seo

Name of the Vulnerable Software and Affected Versions: Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress versions up to, and including, 1.0.228 Description: The issue is caused by a missing capability check on the update metadata function, allowing unauthenticated attacke...

WordPress Contact Form 7 Math Captcha plugin <= 3.0.0 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by goodguyandy & ahmed in WordPress Plugin Contact Form 7 Math Captcha versions = 3.0.0...

CVE-2024-6517

The Contact Form 7 Math Captcha WordPress plugin through 2.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users...

CVE-2024-6517

The Contact Form 7 Math Captcha WordPress plugin through 2.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users...

CVE-2024-6517

The CVE concerns the WordPress plugin Contact Form 7 Math Captcha, affected versions

WordPress plugin Contact Form 7 Math Captcha 安全漏洞

WordPress and the WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the WordPress plugin...

WordPress Contact Form 7 Math Captcha Plugin <= 2.0.1 is vulnerable to Cross Site Scripting (XSS)

Software Contact Form 7 Math Captcha Type Plugin Vulnerable versions = 2.0.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6517 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 1067711fa4c4 Credits...

PT-2024-37683 · WordPress · Contact Form 7 Math Captcha

Name of the Vulnerable Software and Affected Versions: Contact Form 7 Math Captcha WordPress plugin versions 2.0.1 and earlier Description: The issue is related to a Reflected Cross-Site Scripting problem, where a parameter is not properly sanitized and escaped before being outputted back in the...