PT-2026-1587 · WordPress · Rankology Seo/Analytics Tool Plugin+1
Sangnq29
·
Publicado
2026-01-07
·
Atualizado
2026-01-07
·
CVE-2025-12958
CVSS v3.1
2.7
Baixa
| Vetor | AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Rankology SEO and Analytics Tool versions prior to 2.1
Description
The Rankology SEO and Analytics Tool plugin for WordPress has an issue where data can be modified without proper authorization. This is due to a flawed capability check on the 'rankology code block' page. Authenticated attackers with Editor-level access or higher can add header and footer code blocks. The vulnerable component is the capability check on the
/rankology code block API endpoint. The vulnerable parameter is the ability to add code blocks.Recommendations
Update to version 2.1 or later.
Correção
Improper Authorization
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Rankology Seo/Analytics Tool
Rankology Seo/Analytics Tool Plugin