VYPR

Seo By Rank Math

by WordPress

Source repositories

CVEs (17)

  • CVE-2024-11620HigNov 28, 2024
    risk 0.47cvss 7.2epss 0.01

    Improper Control of Generation of Code ('Code Injection') vulnerability in Rank Math SEO Rank Math SEO seo-by-rank-math allows Code Injection.This issue affects Rank Math SEO: from n/a through <= 1.0.231.

  • CVE-2026-34892MedJun 15, 2026
    risk 0.42cvss 6.5epss 0.00

    Subscriber Broken Access Control in Rank Math SEO <= 1.0.271 versions.

  • CVE-2024-3665MedApr 23, 2024
    risk 0.42cvss 6.4epss 0.00

    The Rank Math SEO with AI SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's HowTo and FAQ widgets in all versions up to, and including, 1.0.216 due to insufficient input sanitization and output escaping on user supplied attributes. This…

  • CVE-2024-2536MedApr 9, 2024
    risk 0.35cvss 6.4epss 0.00

    The Rank Math SEO with AI SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HowTo block attributes in all versions up to, and including, 1.0.214 due to insufficient input sanitization and output escaping on user supplied attributes. This makes…

  • CVE-2025-64351MedOct 31, 2025
    risk 0.28cvss 4.3epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in Rank Math SEO Rank Math SEO seo-by-rank-math allows Retrieve Embedded Sensitive Data.This issue affects Rank Math SEO: from n/a through <= 1.0.252.1.

  • CVE-2025-12714MedMay 29, 2026
    risk 0.27cvss 5.3epss 0.00

    The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the update_site_editor_homepage function in all versions up to, and including, 1.0.271. This makes it possible for…

  • CVE-2025-64350LowOct 31, 2025
    risk 0.25cvss 3.8epss 0.00

    Missing Authorization vulnerability in Rank Math SEO Rank Math SEO seo-by-rank-math allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rank Math SEO: from n/a through <= 1.0.252.1.

  • CVE-2020-11514Apr 7, 2020
    risk 0.05cvss epss 0.09

    The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to update arbitrary WordPress metadata, including the ability to escalate or revoke administrative privileges for existing users via the unsecured rankmath/v1/updateMeta REST API endpoint.

  • CVE-2024-13229Feb 13, 2025
    risk 0.00cvss epss 0.00

    The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the update_metadata() function in all versions up to, and including, 1.0.235. This makes it possible for authenticated…

  • CVE-2024-13227Feb 13, 2025
    risk 0.00cvss epss 0.00

    The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Rank Math API in all versions up to, and including, 1.0.235 due to insufficient input sanitization and output escaping on user supplied…

  • CVE-2024-9314Oct 5, 2024
    risk 0.00cvss epss 0.01

    The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.228 via deserialization of untrusted input 'set_redirections' function. This makes it possible for authenticated…

  • CVE-2024-9161Oct 5, 2024
    risk 0.00cvss epss 0.02

    The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'update_metadata' function in all versions up to, and including, 1.0.228. This makes it possible…

  • CVE-2024-4627Jul 2, 2024
    risk 0.00cvss epss 0.00

    The Rank Math SEO WordPress plugin before 1.0.219 does not sanitise and escape some of its settings, which could allow users with access to the General Settings (by default admin, however such access can be given to lower roles via the Role Manager feature of the Rank Math SEO …

  • CVE-2023-23888May 17, 2024
    risk 0.00cvss epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Rank Math Rank Math SEO allows Path Traversal.This issue affects Rank Math SEO: from n/a through 1.0.107.2.

  • CVE-2023-32600Aug 5, 2023
    risk 0.00cvss epss 0.00

    Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Rank Math SEO plugin <= 1.0.119 versions.

  • CVE-2020-11515Apr 7, 2020
    risk 0.00cvss epss 0.02

    The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to create new URIs (that redirect to an external web site) via the unsecured rankmath/v1/updateRedirection REST API endpoint. In other words, this is not an "Open Redirect" issue;…

  • CVE-2019-14786Aug 15, 2019
    risk 0.00cvss epss 0.01

    The Rank Math SEO plugin 1.0.27 for WordPress allows non-admin users to reset the settings via the wp-admin/admin-post.php reset-cmb parameter.