Rank Math SEO < 1.0.95.1 - Unauthenticated SSRF

2022-08-1200:00:00

wpscan.com

rank math seo

unauthenticated

ssrf

access

rest endpoints

headless settings

attackers

software

0.004 Low

EPSS

Percentile

73.5%

JSON

The plugin does not properly restrict access to some .htaccess blocked REST endpoints when the headless settings is enabled, which could allow unauthenticated attackers to perform SSRF attacks

CPENameOperatorVersion
seo-by-rank-mathlt1.0.95.1

CPE	Name	Operator	Version
	seo-by-rank-math	lt	1.0.95.1

0.004 Low

EPSS

Percentile

73.5%

JSON

Related for WPVDB-ID:1180E8B9-9F9D-457A-BC4D-ABAFA72CCC66