Lucene search
Dmitrii IgnatyevWPEX-ID:C0058FCC-36F6-40BF-9848-FBE2D751D754HistoryJun 11, 2024 - 12:00 a.m.
Rank Math SEO < 1.0.219 - Authenticated Stored XSS
2024-06-1100:00:00
Dmitrii Ignatyev
9
rank math seo
authenticated stored xss
poc
june 25 2024
update required
exploit
Description The plugin does not sanitise and escape some of its settings, which could allow users with access to the General Settings (by default admin, however such access can be given to lower roles via the Role Manager feature of the plugin) to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
The PoC will be displayed on June 25, 2024, to give users the time to update.Related
wpvulndb
wpvulndb
Rank Math SEO < 1.0.219 - Authenticated Stored XSS
2024-06-11 00:00:00
nvd
nvd
CVE-2024-4627
2024-07-02 06:15:04
cve
cve
CVE-2024-4627
2024-07-02 06:15:04
cvelist
cvelist
CVE-2024-4627 Rank Math SEO < 1.0.219 - Authenticated Stored XSS
2024-07-02 06:00:02
wordfence
wordfence
5.8 Medium
AI Score
Confidence
High
0 Low
EPSS
Percentile
0.0%
Related for WPEX-ID:C0058FCC-36F6-40BF-9848-FBE2D751D754