PT-2025-6537 · WordPress · Rank Math Seo

Craig Smith

Published

2025-02-13

Updated

2025-02-24

CVE-2024-13229

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress versions up to, and including, 1.0.235

Description The issue is related to a missing capability check on the update metadata() function, which allows authenticated attackers with Contributor-level access and above to delete any schema metadata assigned to any post. This can lead to unauthorized loss of data.

Recommendations For versions up to, and including, 1.0.235, update to a version that includes a fix for the missing capability check on the update metadata() function. As a temporary workaround, consider restricting access to the update metadata() function to prevent unauthorized deletion of schema metadata. Restrict Contributor-level access and above to minimize the risk of exploitation.

Fix

LPE

Improper Access Control

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-862

Related Identifiers

CVE-2024-13229

Affected Products

Rank Math Seo

PT-2025-6537 · WordPress · Rank Math Seo

CVE-2024-13229

Weakness Enumeration

Related Identifiers

Affected Products

References · 12