CVE-2020-11514

Опубликовано: 07 апр. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Средний

Описание

The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to update arbitrary WordPress metadata, including the ability to escalate or revoke administrative privileges for existing users via the unsecured rankmath/v1/updateMeta REST API endpoint.

Ссылки

https://rankmath.com/changelog/
Product
Release Notes
https://wordpress.org/plugins/seo-by-rank-math/#developers
Product
https://www.wordfence.com/blog/2020/03/critical-vulnerabilities-affecting-over-200000-sites-patched-in-rank-math-seo-plugin/
Exploit
Third Party Advisory
https://rankmath.com/changelog/
Product
Release Notes
https://wordpress.org/plugins/seo-by-rank-math/#developers
Product
https://www.wordfence.com/blog/2020/03/critical-vulnerabilities-affecting-over-200000-sites-patched-in-rank-math-seo-plugin/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:rankmath:seo:*:*:*:*:free:wordpress:*:*

Версия до 1.0.40.2 (включая)

EPSS

Процентиль: 98%

0.56628

Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-862

Связанные уязвимости

GHSA-c2qp-gp7h-j46p