seo-by-rank-math is vulnerable to server-side request forgery (SSRF). The vulnerability exists in the archive_redirect function in class-frontend.php because it doesn't properly validate URLs, which allows a remote attacker to cause an SSRF bypass via a crafted URL.
Name | Operator | Version | CPE |
---|---|---|---|
rankmath/seo-by-rank-math | le | v1.0.96 | |
github.com/advisories/GHSA-j95r-86hx-xwxg
github.com/rankmath/seo-by-rank-math/blob/master/includes/frontend/class-frontend.php#L159
github.com/rankmath/seo-by-rank-math/blob/master/includes/frontend/class-frontend.php#L173
github.com/rankmath/seo-by-rank-math/issues/127
patchstack.com/database/vulnerability/seo-by-rank-math/wordpress-rank-math-seo-plugin-1-0-95-server-side-request-forgery-ssrf-vulnerability/_s_id=cve
rankmath.com/changelog/