🎁Wordfence just launched its bug bounty program. From today through December 20th 2023, all researchers will earn 6.25x our normal bounty rates when Wordfence handles responsible disclosure for our Holiday Bug Extravaganza! Register as a researcher and submit your vulnerabilities today!🎁

Rank Math SEO

Wordfence Intelligence > Vulnerability Database > WordPress Plugins > Rank Math SEO

Information

Software Type	Plugin
Software Slug	seo-by-rank-math (view on wordpress.org)
Software Status	Active
Software Author	rankmath
Software Website	rankmath.com
Software Downloads	78,123,475
Software Active Installs	2,000,000
Software Record Last Updated	December 3, 2023

8 Vulnerabilities

Rank Math SEO <= 1.0.119 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2023-32600

Jul 17, 2023

Researcher: Rafie Muhammad

RankMath SEO <= 1.0.107.2 - Authenticated (Contributor+) Local File Inclusion

6.5

CVE-2023-23888

Jan 30, 2023

Researcher: Rafie Muhammad

Rank Math SEO <= 1.0.95 - Server-Side Request Forgery

5.4

CVE-2022-36376

Aug 12, 2022

Researcher: Rafie Muhammad

Rank Math SEO <= 1.0.42.1 - Missing Authorization

5.4

CVE ID Unknown

Apr 18, 2020

Researchers:

Rank Math SEO <= 1.0.40.2 - Redirect Creation via Unprotected REST API Endpoint

7.4

CVE-2020-11515

Mar 25, 2020

Researcher: Ram

Rank Math SEO <= 1.0.40.2 - Privilege Escalation via Unprotected REST API Endpoint

9.8

CVE-2020-11514

Mar 25, 2020

Researcher: Ram

Rank Math SEO <= 1.0.27 - Authenticated Settings Reset via reset-cmb Parameter

6.5

CVE-2019-14786

Jun 21, 2019

Researchers:

Rank Math SEO <= 1.0.26 - Cross-Site Scripting

7.2

CVE ID Unknown

Jun 18, 2019

Researchers:

Title	CVE ID	CVSS	Researchers	Date
Rank Math SEO <= 1.0.119 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2023-32600	6.4	Rafie Muhammad	July 17, 2023
RankMath SEO <= 1.0.107.2 - Authenticated (Contributor+) Local File Inclusion	CVE-2023-23888	6.5	Rafie Muhammad	January 30, 2023
Rank Math SEO <= 1.0.95 - Server-Side Request Forgery	CVE-2022-36376	5.4	Rafie Muhammad	August 12, 2022
Rank Math SEO <= 1.0.42.1 - Missing Authorization		5.4		April 18, 2020
Rank Math SEO <= 1.0.40.2 - Redirect Creation via Unprotected REST API Endpoint	CVE-2020-11515	7.4	Ram	March 25, 2020
Rank Math SEO <= 1.0.40.2 - Privilege Escalation via Unprotected REST API Endpoint	CVE-2020-11514	9.8	Ram	March 25, 2020
Rank Math SEO <= 1.0.27 - Authenticated Settings Reset via reset-cmb Parameter	CVE-2019-14786	6.5		June 21, 2019
Rank Math SEO <= 1.0.26 - Cross-Site Scripting		7.2		June 18, 2019

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation