Lucene search
Veracode Vulnerability DatabaseVERACODE:37217HistorySep 21, 2022 - 6:43 a.m.
Server-Side Request Forgery
2022-09-2106:43:59
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
3
server-side request forgery
archive_redirect
class-frontend.php
validation
remote attack
vulnerable software
0.004 Low
EPSS
Percentile
73.5%
seo-by-rank-math is vulnerable to server-side request forgery. The vulnerability exists in the archive_redirect function in class-frontend.php because it doesn’t properly validate urls which allows a remote attacker to cause an ssrf bypass via a crafted url.
| CPE | Name | Operator | Version |
|---|---|---|---|
| rankmath/seo-by-rank-math | le | v1.0.96 | |
| rankmath/seo-by-rank-math | le | v1.0.96 |
References
github.com/advisories/GHSA-j95r-86hx-xwxg
github.com/rankmath/seo-by-rank-math/blob/master/includes/frontend/class-frontend.php#L159
github.com/rankmath/seo-by-rank-math/blob/master/includes/frontend/class-frontend.php#L173
github.com/rankmath/seo-by-rank-math/issues/127
patchstack.com/database/vulnerability/seo-by-rank-math/wordpress-rank-math-seo-plugin-1-0-95-server-side-request-forgery-ssrf-vulnerability/_s_id=cve
rankmath.com/changelog/
Related
github
github
Rank Math SEO plugin vulnerable to Server-Side Request Forgery
2022-09-10 00:00:27
openvas
openvas
WordPress Rank Math SEO Plugin < 1.0.95.1 SSRF Vulnerability
2022-09-12 00:00:00
nvd
nvd
CVE-2022-36376
2022-09-09 15:15:10
prion
prion
Server side request forgery (ssrf)
2022-09-09 15:15:00
cvelist
cvelist
osv
osv
Rank Math SEO plugin vulnerable to Server-Side Request Forgery
2022-09-10 00:00:27
patchstack
patchstack
cve
cve
CVE-2022-36376
2022-09-09 15:15:10
wpvulndb
wpvulndb
Rank Math SEO < 1.0.95.1 - Unauthenticated SSRF
2022-08-12 00:00:00