CVE-2020-11514

Name of the Vulnerable Software and Affected Versions Rank Math plugin versions 1.0.40.2 and earlier

Description The issue allows unauthenticated remote attackers to update arbitrary WordPress metadata. This includes the ability to escalate or revoke administrative privileges for existing users. The exploitation occurs via the unsecured "rankmath/v1/updateMeta" API endpoint.

Recommendations For Rank Math plugin versions 1.0.40.2 and earlier, update to a version later than 1.0.40.2 to resolve the issue. As a temporary workaround, consider restricting access to the "rankmath/v1/updateMeta" API endpoint until a patch is available.