Flaw in Rank Math WordPress Plugin Allows Hackers to Revoke Admin Privileges of Website Owners

  • Researchers have discovered two vulnerabilities in WordPress SEO plugin - Rank Math - which has over 200,000 installations.
  • The most critical of these is a privilege escalation vulnerability that can allow attackers to revoke and grant administrator privileges to any registered users.


About Rank Math
Rank Math is a WordPress plugin designed to assist with search engine optimization (SEO). It has a number of features - such as keyword optimization, Google Search Console integration, and Google keyword rank tracking - that help a website owner attract more traffic to their sites through SEO.

About the privilege escalation flaw
Discovered by Defiant’s Wordfence Threat Intelligence team, the flaw exists in an unprotected REST-API endpoint. Successful exploitation of the bug can allow an unauthenticated attacker to update arbitrary metadata. To make things even worse, attackers can also lock admins out of their sites by revoking their administrator privileges.

The flaw affects versions prior to 1.0.40.2 and has a CVSS score of 10, the maximum rating.

Second flaw found in REST-API endpoint
Researchers noted that the second flaw discovered in the Rank Math plugin could allow unauthenticated attackers to create redirects from almost any location on the site to any destination of their choice.

"This attack could be used to prevent access to all of a site's existing content, except for the homepage, by redirecting visitors to a malicious site," said Defiant's QA Ram Gall in a blog post.

The bug resides in one of the modules of Rank Math and impacts versions prior to 1.0.40.2.
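Both flaws described above stem from REST API endpoints that did not verify who was calling them. The following PHP is an added illustration, not Rank Math's own code, showing the general pattern: a route whose permission_callback lets anyone through beside a hardened version that checks a capability, validates input, and only writes an explicit allow-list of post meta keys. The namespace (example-seo/v1), route, parameter names (objectID, meta), function names and meta keys are hypothetical.

```php
<?php
// Added illustration (not the plugin's code). Names below are hypothetical.

// WEAK: permission_callback => '__return_true' means every visitor, logged in
// or not, passes the authorization step. The handler then writes whatever
// object type and keys the request names, so user meta (which stores roles
// and capabilities) is reachable by an unauthenticated caller.
add_action( 'rest_api_init', function () {
    register_rest_route( 'example-seo/v1', '/update-meta-weak', array(
        'methods'             => 'POST',
        'callback'            => 'example_seo_update_meta_weak',
        'permission_callback' => '__return_true',
    ) );
} );

function example_seo_update_meta_weak( WP_REST_Request $request ) {
    $object_id = (int) $request['objectID'];
    foreach ( (array) $request['meta'] as $key => $value ) {
        // Object type and key come straight from the request: no restriction.
        update_metadata( $request['objectType'], $object_id, $key, $value );
    }
    return rest_ensure_response( true );
}

// HARDENED: the caller must be able to edit the specific post, the object
// type is fixed to 'post', input is validated, and only allow-listed keys
// are written.
add_action( 'rest_api_init', function () {
    register_rest_route( 'example-seo/v1', '/update-meta', array(
        'methods'             => WP_REST_Server::EDITABLE,
        'callback'            => 'example_seo_update_meta_checked',
        'permission_callback' => 'example_seo_can_update_meta',
        'args'                => array(
            'objectID' => array(
                'required'          => true,
                'validate_callback' => function ( $value ) {
                    return is_numeric( $value ) && (int) $value > 0;
                },
                'sanitize_callback' => 'absint',
            ),
            'meta' => array(
                'required' => true,
                'type'     => 'object',
            ),
        ),
    ) );
} );

// Authorization: runs before the callback. Cookie-authenticated REST requests
// also need the X-WP-Nonce check that WordPress performs before this point.
function example_seo_can_update_meta( WP_REST_Request $request ) {
    $post_id = absint( $request['objectID'] );
    if ( ! current_user_can( 'edit_post', $post_id ) ) {
        return new WP_Error(
            'rest_forbidden',
            'You are not allowed to update metadata for this post.',
            array( 'status' => rest_authorization_required_code() ) // 401 or 403
        );
    }
    return true;
}

function example_seo_update_meta_checked( WP_REST_Request $request ) {
    // Explicit allow-list: anything else is dropped, never written.
    $allowed_keys = array( 'example_seo_title', 'example_seo_description' );
    $post_id      = absint( $request['objectID'] );
    $updated      = array();

    foreach ( (array) $request['meta'] as $key => $value ) {
        if ( ! in_array( $key, $allowed_keys, true ) ) {
            continue;
        }
        // Fixed object type ('post'): the request cannot redirect writes to
        // user or term meta.
        update_post_meta( $post_id, $key, sanitize_text_field( $value ) );
        $updated[] = $key;
    }
    return rest_ensure_response( array( 'updated' => $updated ) );
}
```

Two checks are worth running on any plugin's REST routes: confirm every register_rest_route call has a permission_callback that does more than return true, and confirm the handler itself fixes the object type and constrains the keys rather than trusting the request body. Since WordPress 5.5, omitting permission_callback triggers a _doing_it_wrong notice, but an omitted callback on older cores, or a callback of __return_true on any core, still leaves the route open to unauthenticated callers.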

Addressing the flaws
Both flaws have been fully patched in version 1.0.41.1. It is strongly recommended that all users of the plugin upgrade to the latest version to prevent attacks arising from these flaws.