PT-2024-31941 · WordPress · Rank Math Seo

Dmitry Ignatyev

Published

2024-07-02

Updated

2024-07-03

CVE-2024-4627

CVSS v3.1

5.5

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions Rank Math SEO WordPress plugin versions prior to 1.0.219

Description The issue allows users with access to the General Settings, by default administrators but also potentially lower roles via the Role Manager feature, to perform Stored Cross-Site Scripting attacks. This is possible even when the unfiltered html capability is disallowed, such as in a multisite setup.

Recommendations For versions prior to 1.0.219, update to version 1.0.219 or later to resolve the issue.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2024-4627

Affected Products

Rank Math Seo

PT-2024-31941 · WordPress · Rank Math Seo

CVE-2024-4627

Weakness Enumeration

Related Identifiers

Affected Products

References · 5