CVE-2024-9161
Published: 2024-10-05
Priority: P2 · 76 · medium · CVSS 3.1 base score 6.5
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Flags: ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 2.04% (78.8th percentile)
The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'update_metadata' function in all versions up to, and including, 1.0.228. This makes it possible for unauthenticated attackers to insert new and update existing metadata beginning with 'rank_math', and delete arbitrary existing user metadata and term metadata. Deleting existing usermeta can cause a loss of access to the administrator dashboard for any registered users, including Administrators.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rankmath | rank_math_seo_ai_seo_tools_to_dominate_seo_rankings | <= 1.0.228 | — |
| rankmath | seo | < 1.0.229 | 1.0.229 |
Detection & IOCs (extracted from sources)
Command: POST /wp-json/rankmath/v1/updateMeta with objectType=user, objectID, meta containing rank_math-prefixed keys
Detection:
- Detect unauthenticated POST requests to the /wp-json/rankmath/v1/updateMeta REST endpoint; no authentication headers should be present for malicious requests.
- Look for JSON POST bodies to /wp-json/rankmath/v1/updateMeta containing 'objectType' set to 'user' or 'term' from unauthenticated sources.
- Probe for plugin presence by checking for HTTP 200 on /wp-content/plugins/seo-by-rank-math/readme.txt containing 'Rank Math' before exploitation attempt.
- Monitor for sudden loss of usermeta for administrator accounts (e.g., capabilities key deleted), which may indicate exploitation causing admin lockout.
Notes:
- Only metadata keys beginning with 'rank_math' can be inserted or updated; arbitrary key names cannot be written via this vulnerability.
- Deletion of metadata is not restricted to 'rank_math'-prefixed keys: arbitrary existing user metadata and term metadata can be deleted.
- Affected versions are all releases up to and including 1.0.228; version 1.0.229 and later are patched.
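As an added defender-side example (not code from the page's sources or from the plugin), the following Python turns the detection notes above into a check over captured HTTP requests, plus a version test against the fixed release. The request dict schema, the sample traffic in SAMPLE_REQUESTS, and the "Authorization / X-WP-Nonce header means authenticated" heuristic are assumptions.

```python
import json

UPDATE_META_PATH = "/wp-json/rankmath/v1/updateMeta"
FIXED_VERSION = (1, 0, 229)                      # first patched release
AUTH_HEADERS = ("authorization", "x-wp-nonce")   # REST auth signals (assumption)

def is_vulnerable_version(version):
    """True for every Rank Math release up to and including 1.0.228."""
    return tuple(int(p) for p in version.strip().split(".")) < FIXED_VERSION

def classify_request(req):
    """Inspect one captured request (constructed schema: method, path, headers,
    body). Returns a finding dict, or None when there is nothing to report."""
    if req.get("method", "").upper() != "POST":
        return None
    if req.get("path", "").split("?", 1)[0] != UPDATE_META_PATH:
        return None
    headers = {k.lower(): v for k, v in req.get("headers", {}).items()}
    if any(h in headers for h in AUTH_HEADERS):
        return None  # authenticated use of the endpoint is expected (assumption)
    try:
        body = json.loads(req.get("body") or "{}")
    except ValueError:
        body = {}
    if not isinstance(body, dict):
        body = {}
    object_type = str(body.get("objectType", "")).lower()
    meta = body.get("meta") or {}
    rank_math_keys = sorted(k for k in meta if str(k).startswith("rank_math"))
    reasons = ["unauthenticated POST to updateMeta"]
    if object_type in ("user", "term"):
        reasons.append(f"objectType={object_type} targets user/term metadata")
    if rank_math_keys:
        reasons.append(f"rank_math-prefixed keys: {rank_math_keys}")
    severity = "high" if object_type in ("user", "term") else "medium"
    return {"severity": severity, "objectID": body.get("objectID"), "reasons": reasons}

def scan(requests):
    """Run classify_request over a batch and keep only the findings."""
    return [f for f in map(classify_request, requests) if f]

# Constructed sample traffic: a legitimate editor call carrying a nonce, an
# unauthenticated call of the shape described above, and an unrelated request.
SAMPLE_REQUESTS = [
    {"method": "POST", "path": UPDATE_META_PATH, "headers": {"X-WP-Nonce": "abc123"},
     "body": json.dumps({"objectType": "post", "objectID": 12, "meta": {"rank_math_title": "Hi"}})},
    {"method": "POST", "path": UPDATE_META_PATH, "headers": {"Content-Type": "application/json"},
     "body": json.dumps({"objectType": "user", "objectID": 1, "meta": {"rank_math_title": "x"}})},
    {"method": "GET", "path": "/wp-json/wp/v2/posts", "headers": {}, "body": ""},
]
```

Only the second sample request is reported, and it is rated high because objectType=user matches the usermeta deletion path that can lock administrators out.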
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L |
| vulncheck | — | 6.5 | MEDIUM | — |
GHSA
GHSA-rxpx-fpwf-9q46 · ghsa_unreviewed · 2024-10-05 · MEDIUM · CWE-862
The GHSA advisory text is identical to the NVD description above.
VulnCheck
Rank Math SEO – AI SEO Tools to Dominate SEO Rankings Plugin for WordPress update_metadata Function Vulnerability
vulncheck · 2024 · CVSS 6.5 · MEDIUM
The VulnCheck advisory text is identical to the NVD description above.
Affected: Rank Math AI SEO Tools to Dominate SEO Rankings Plugin for WordPress
Required Action: Apply rem
No detection rules found.
Nuclei
Rank Math SEO < 1.0.229 - Unauthenticated User and Term Metadata Insert/Update/Deletion
nuclei · CVSS 6.5 · MEDIUM
Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress contains a missing capability check on 'update_metadata' in all versions up to 1.0.228, letting unauthenticated attackers insert, update, or delete metadata, including user and term metadata, potentially causing loss of access to the admin dashboard.
Template (as indexed; the description field is cut off in the source):
```yaml
id: CVE-2024-9161
info:
  name: Rank Math SEO < 1.0.229 - Unauthenticated User and Term Metadata Insert/Update/Deletion
  author: Kazgangap
  severity: medium
  description: |
    Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress contains a missing capability check on 'update_metadata' in all versions up to 1.0.228, letting unauthenticated attackers insert,
```
No writeups or analysis indexed.
References
- https://plugins.trac.wordpress.org/browser/seo-by-rank-math/trunk/includes/rest/class-shared.php#L120
- https://plugins.trac.wordpress.org/browser/seo-by-rank-math/trunk/includes/rest/class-shared.php#L161
- https://plugins.trac.wordpress.org/browser/seo-by-rank-math/trunk/includes/rest/class-shared.php#L162
- https://plugins.trac.wordpress.org/browser/seo-by-rank-math/trunk/includes/rest/class-shared.php#L64
- https://plugins.trac.wordpress.org/changeset/3161896/
- https://www.wordfence.com/threat-intel/vulnerabilities/id/7df39a64-76c5-4ebe-a271-44bd147a3a86?source=cve