PT-2020-12659 · Mythemeshop · Rank Math
Published 2020-04-07 · Updated 2025-09-18 · CVE-2020-11515
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Rank Math plugin versions 1.0.40.2 and earlier
Description
The issue allows unauthenticated remote attackers to create new URIs that redirect to an external web site via the unsecured "rankmath/v1/updateRedirection" REST API endpoint. This enables attackers to create a new URI with an arbitrary name.
Recommendations
For Rank Math plugin versions 1.0.40.2 and earlier, consider disabling access to the "rankmath/v1/updateRedirection" REST API endpoint until a patch is available. Restrict the ability to create new URIs to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Open Redirect
Weakness Enumeration
Related Identifiers
Affected Products
Rank Math