HTTP: Rank Math Wordpress SEO Plugin updateMeta REST Endpoint Access Control Weakness

This signature detects attempts to exploit a known vulnerability against Wordpress SEO Plugin by Rank Math. A successful attack can lead to security bypass.

Extended Description

The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to update arbitrary WordPress metadata, including the ability to escalate or revoke administrative privileges for existing users via the unsecured rankmath/v1/updateMeta REST API endpoint.

Affected Products

Rankmath seo

References

CVE: CVE-2020-11514

Short Name
HTTP:CTS:RNKMTH-WRDPRS-SEO-ACW
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
Access CVE-2020-11514 Control Endpoint Math Plugin REST Rank SEO Weakness Wordpress updateMeta
Release Date
04/20/2020
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3601
False Positive
Unknown
Vendors

Rankmath

CVSS Score

7.5

Found a potential security threat?