CVE-2024-9161

Name of the Vulnerable Software and Affected Versions Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress versions up to, and including, 1.0.228

Description The issue is caused by a missing capability check on the update metadata function, allowing unauthenticated attackers to insert new and update existing metadata beginning with rank math, and delete arbitrary existing user metadata and term metadata. This can lead to a loss of access to the administrator dashboard for any registered users, including Administrators.

Recommendations For versions up to, and including, 1.0.228, update to a version higher than 1.0.228 to resolve the issue. As a temporary workaround, consider disabling the update metadata function until a patch is available. Restrict access to metadata beginning with rank math to minimize the risk of exploitation. Avoid using the update metadata function in the affected plugin until the issue is resolved.