CVE-2020-11514
Published 2020-04-07
Priority: P185 · critical · 9.8 (CVSS 3.1)
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Tags: ITW EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 9.11% (94.7th percentile)
The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to update arbitrary WordPress metadata, including the ability to escalate or revoke administrative privileges for existing users via the unsecured rankmath/v1/updateMeta REST API endpoint.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rankmath | seo | <= 1.0.40.2 | — |
Detection & IOCs (extracted from sources)
- path: /wp-content/plugins/seo-by-rank-math/readme.txt
- path: /wp-content/plugins/seo-by-rank-math/
- command: POST /wp-json/rankmath/v1/updateMeta HTTP/1.1
- Detect unauthenticated POST requests to the /wp-json/rankmath/v1/updateMeta endpoint; no authentication headers are required, so any such request from an external IP is suspicious.
- Alert on POST request bodies to /wp-json/rankmath/v1/updateMeta containing the 'rank_math_capabilities' meta key, which is the mechanism used to escalate or revoke WordPress user privileges.
- A JSON response body containing the literal 'true' with HTTP 200 and Content-Type application/json from /wp-json/rankmath/v1/updateMeta indicates successful exploitation.
- Presence of /wp-content/plugins/seo-by-rank-math/readme.txt returning HTTP 200 with a body containing 'Rank Math' confirms the vulnerable plugin is installed and active on the target.
- Note: the vulnerability affects Rank Math SEO plugin versions up to and including 1.0.40.2; version 1.0.41 and later are patched. Ensure version checks are scoped accordingly.
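The indicators above turned into detection logic, run over constructed request records (example code added for this page, not from Rank Math, Wordfence or any source listed here). It assumes a reverse proxy or WAF that logs one JSON object per request with hypothetical field names (method, path, headers, body, status, resp_body, resp_content_type), and it also matches the generic WordPress rest_route query form of the same route, which the list above does not mention.

```python
import json

ENDPOINT = "/wp-json/rankmath/v1/updateMeta"
# Same route when pretty permalinks are off (generic WordPress rest_route form).
REST_ROUTE = "rest_route=/rankmath/v1/updateMeta"
FIXED_VERSION = (1, 0, 41)  # 1.0.41 and later are patched


def is_vulnerable_version(version: str) -> bool:
    """True for Rank Math SEO <= 1.0.40.2; tuple compare handles 4-part versions."""
    return tuple(int(p) for p in version.split(".")) < FIXED_VERSION


def classify(rec: dict) -> list:
    """Indicators matched by one logged request record (hypothetical field
    names: method, path, headers, body, status, resp_body, resp_content_type)."""
    path = rec.get("path", "")
    if rec.get("method") != "POST" or not (path.startswith(ENDPOINT) or REST_ROUTE in path):
        return []
    findings = ["updateMeta-post"]
    headers = {k.lower() for k in rec.get("headers", {})}
    if not headers & {"authorization", "cookie"}:
        findings.append("unauthenticated")  # vulnerable versions accept this as-is
    if "rank_math_capabilities" in rec.get("body", ""):
        findings.append("capability-meta")  # meta key used to grant/revoke admin
    success = rec.get("status") == 200 and rec.get("resp_body", "").strip() == "true"
    if ("unauthenticated" in findings and success
            and rec.get("resp_content_type", "").startswith("application/json")):
        findings.append("exploit-success")
    return findings


def scan(log_lines: list) -> list:
    """Run classify() over JSON-lines records; return (line_no, findings) for hits."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        findings = classify(json.loads(line))
        if findings:
            hits.append((n, findings))
    return hits


# Constructed sample records, not real traffic.
SAMPLE_LOG = [
    '{"method":"GET","path":"/wp-json/wp/v2/posts","headers":{},"status":200,"resp_body":"[]"}',
    '{"method":"POST","path":"/wp-json/rankmath/v1/updateMeta","headers":{},'
    '"body":"<constructed body containing rank_math_capabilities>","status":200,'
    '"resp_body":"true","resp_content_type":"application/json; charset=UTF-8"}',
    '{"method":"POST","path":"/index.php?rest_route=/rankmath/v1/updateMeta",'
    '"headers":{"Cookie":"wordpress_logged_in_x=..."},"body":"meta=rank_math_title",'
    '"status":200,"resp_body":"true","resp_content_type":"application/json"}',
]
```

An authenticated editor updating ordinary SEO meta (third record) is reported only as an updateMeta POST, so the capability-meta and exploit-success findings are the ones worth paging on.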
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vulncheck | — | 9.8 | CRITICAL | — |
GHSA
GHSA-c2qp-gp7h-j46p: The Rank Math plugin through 1
ghsa_unreviewed · 2022-05-24 · CVE-2020-11514 [HIGH] · CWE-269
VulnCheck
Rank Math seo Missing Authorization
vulncheck · 2020 · CVSS 9.8 · CVE-2020-11514 [CRITICAL]
Affected: Rank Math seo
Required Action: Apply remediations or mitigations per vendor instructions, or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References:
- https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/seo-by-rank-math/rank-math-seo-10402-privilege-escalation-via-unprotected-rest-api-endpoint
- https://app.crowdsec.net/cti/cve-explorer/CVE-2020-11514
No detection rules found.
Nuclei
Rank Math SEO <= 1.0.40.2 - Privilege Escalation via Unprotected REST API Endpoint
nuclei · CVSS 9.8 · CVE-2020-11514 [CRITICAL]
Template:
```yaml
id: CVE-2020-11514

info:
  name: Rank Math SEO <= 1.0.40.2 - Privilege Escalation via Unprotected REST API Endpoint
  author: s4e-io
  severity: critical
  description: |
    The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to update arbitrary WordPress metadata, including the ability to escalate or revoke administrative privileges for existing users via the unsecured rankmath/v1/updateMe
```
No writeups or analysis indexed.
References:
- https://rankmath.com/changelog/
- https://wordpress.org/plugins/seo-by-rank-math/#developers
- https://www.wordfence.com/blog/2020/03/critical-vulnerabilities-affecting-over-200000-sites-patched-in-rank-math-seo-plugin/