CVE-2020-11515
Published: 2020-04-07
Priority: P179 · Severity: medium · CVSS 3.1 base score: 6.1
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Flags: ITW · Exploit · VulnCheck KEV (exploited in the wild)
EPSS: 2.07% (79.1th percentile)
The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to create new URIs (that redirect to an external web site) via the unsecured rankmath/v1/updateRedirection REST API endpoint. In other words, this is not an "Open Redirect" issue; instead, it allows the attacker to create a new URI with an arbitrary name (e.g., the /exampleredirect URI).
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rankmath | seo | <= 1.0.40.2 | — |
Detection & IOCs (extracted from sources)
- Detect unauthenticated POST requests to the WordPress REST API endpoint /wp-json/rankmath/v1/updateRedirection with a JSON body containing 'redirectionUrl', 'redirectionSources', and 'hasRedirect' fields; no authentication is required for exploitation.
- Presence of the plugin directory /wp-content/plugins/seo-by-rank-math/ on a WordPress site indicates potential exposure; use PublicWWW or web crawling to identify affected installations.
- The vulnerable REST API endpoint rankmath/v1/updateRedirection is unprotected (no authentication required) only in Rank Math SEO plugin versions up to and including 1.0.40.2; versions 1.0.41 and later are patched.
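The first and third detection notes above can be turned into a log-side check. The following is an added example written for this page, not code from Rank Math, Wordfence or any of the listed sources: it runs over constructed reverse-proxy records (JSON lines with method, URI, headers and body; a schema assumed for this example), matches the REST route in both forms WordPress accepts (/wp-json/<route> and index.php?rest_route=/<route>), checks for the three body fields, and uses the presence of an Authorization header or a wordpress_logged_in_ cookie as an assumed proxy for "authenticated". It also carries the advisory's version boundary (1.0.40.2 affected, 1.0.41 patched) as a helper for triaging inventory data.

```python
import json
from urllib.parse import urlsplit, parse_qs, unquote

# Route named in the advisory. WordPress serves REST routes under /wp-json/<route>
# and, on sites without pretty permalinks, as /index.php?rest_route=/<route>.
VULN_ROUTE = "/rankmath/v1/updateRedirection"
# JSON body fields named in the detection note on this page.
BODY_FIELDS = {"redirectionUrl", "redirectionSources", "hasRedirect"}
# Last affected plugin version per the advisory; 1.0.41 and later are patched.
LAST_AFFECTED = (1, 0, 40, 2)


def parse_version(version):
    """'1.0.40.2' -> (1, 0, 40, 2) so versions compare as tuples."""
    return tuple(int(part) for part in version.split("."))


def is_affected_version(version):
    """True when an installed Rank Math version is <= 1.0.40.2."""
    return parse_version(version) <= LAST_AFFECTED


def rest_route(uri):
    """Return the REST route from either URI form WordPress accepts, or None."""
    parts = urlsplit(uri)
    path = unquote(parts.path)
    if path.startswith("/wp-json/"):
        return "/" + path[len("/wp-json/"):].rstrip("/")
    query = parse_qs(parts.query)
    if "rest_route" in query:
        return query["rest_route"][0].rstrip("/")
    return None


def looks_authenticated(headers):
    """Assumption for this example: an Authorization header or a WordPress
    login cookie marks the request as coming from a logged-in user."""
    lowered = {k.lower(): v for k, v in headers.items()}
    return "authorization" in lowered or "wordpress_logged_in_" in lowered.get("cookie", "")


def classify_request(record):
    """Return a finding for one logged request, or None when it is not of interest.
    Record keys (constructed schema): src, method, uri, headers, body."""
    if record.get("method", "").upper() != "POST":
        return None
    if rest_route(record.get("uri", "")) != VULN_ROUTE:
        return None
    try:
        body = json.loads(record.get("body") or "{}")
    except json.JSONDecodeError:
        body = {}
    if not isinstance(body, dict):
        body = {}
    fields_present = BODY_FIELDS.issubset(body)
    if fields_present and not looks_authenticated(record.get("headers", {})):
        verdict = "unauthenticated_redirect_creation"  # the pattern the advisory describes
    elif fields_present:
        verdict = "authenticated_redirect_change"  # legitimate admin use is possible
    else:
        verdict = "probe_or_malformed"  # endpoint hit without the full payload
    return {"verdict": verdict, "src": record.get("src"), "target": body.get("redirectionUrl")}


def scan_log(lines):
    """Apply classify_request to JSON-lines records, skipping unparsable lines."""
    findings = []
    for line in lines:
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue
        finding = classify_request(record)
        if finding:
            findings.append(finding)
    return findings


# Constructed proxy log records for this example, not real traffic.
_PAYLOAD = {"redirectionUrl": "https://example.net/landing",
            "redirectionSources": ["exampleredirect"], "hasRedirect": True}
SAMPLE_LOG = [
    json.dumps({"src": "203.0.113.10", "method": "POST", "uri": "/wp-json/rankmath/v1/updateRedirection",
                "headers": {"Content-Type": "application/json"}, "body": json.dumps(_PAYLOAD)}),
    json.dumps({"src": "203.0.113.11", "method": "POST", "uri": "/index.php?rest_route=/rankmath/v1/updateRedirection",
                "headers": {"Content-Type": "application/json"}, "body": json.dumps(_PAYLOAD)}),
    json.dumps({"src": "198.51.100.5", "method": "POST", "uri": "/wp-json/rankmath/v1/updateRedirection",
                "headers": {"Cookie": "wordpress_logged_in_abc=admin%7Cplaceholder"}, "body": json.dumps(_PAYLOAD)}),
    json.dumps({"src": "198.51.100.6", "method": "GET", "uri": "/wp-json/wp/v2/posts", "headers": {}, "body": ""}),
    json.dumps({"src": "203.0.113.12", "method": "POST", "uri": "/wp-json/rankmath/v1/updateRedirection",
                "headers": {}, "body": "not json"}),
    "garbage line",
]

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

Over the constructed records this yields two unauthenticated hits, one authenticated change and one malformed probe; the GET request and the unparsable line produce nothing. The authentication heuristic is deliberately loose: a cookie name alone does not prove a valid session, so the "authenticated" verdict is a triage hint rather than a clean bill of health.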
CVSS provenance
- NVD v3.1: 6.1 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- NVD v2.0: 5.8 MEDIUM, AV:N/AC:M/Au:N/C:P/I:P/A:N
- VulnCheck: 6.1 MEDIUM
GHSA
GHSA-f2g3-6rq6-34pc (ghsa_unreviewed · 2022-05-24): CVE-2020-11515 [MEDIUM], CWE-601
VulnCheck
Rank Math seo URL Redirection to Untrusted Site ('Open Redirect') (vulncheck · 2020 · CVSS 6.1)
CVE-2020-11515 [MEDIUM]
Affected: Rank Math seo
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/seo-by-rank-math/rank-math-seo-10402-redirect-creation-via-unprotected-
No detection rules found.
Nuclei
Rank Math SEO <= 1.0.40.2 - Redirect Creation via Unprotected REST API Endpoint (nuclei · CVSS 6.1)
CVE-2020-11515 [MEDIUM]
Template:
id: CVE-2020-11515
info:
  name: Rank Math SEO <= 1.0.40.2 - Redirect Creation via Unprotected REST API Endpoint
  author: s4e-io
  severity: medium
  description: |
    The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to create new URIs (that redirect to an external web site) via the unsecure
No writeups or analysis indexed.
References:
- https://rankmath.com/changelog/
- https://wordpress.org/plugins/seo-by-rank-math/#developers
- https://www.wordfence.com/blog/2020/03/critical-vulnerabilities-affecting-over-200000-sites-patched-in-rank-math-seo-plugin/