Wordfence researchers found two vulnerabilities in the Rank Math WordPress SEO plugin. According to research, hackers can hijack 200,000 vulnerable websites through these two vulnerabilities and gain remote access.
Rank Math is a WordPress plugin for writing SEO-friendly content and ranking higher in search engines. One of Rank Math's SEO functions lets users update the metadata on posts. To provide this function, the plugin registers a REST-API endpoint, "rankmath/v1/updateMeta", which failed to include a permission_callback used for capability checking.
The first vulnerability is also the most serious: it allows attackers to update arbitrary metadata, including the ability to grant or revoke administrator rights. According to the Wordfence report, WordPress user permissions are stored in the "usermeta" table, which means that an unauthenticated attacker can grant any registered user administrative permissions and remove the existing administrator's permissions. If the site has only a single administrator, the attacker can lock that administrator out of the site.
The second vulnerability in the plugin can be used to create a "redirect" on the site; this feature is likewise exposed through a registered REST-API endpoint. The researchers noted that the impact is somewhat limited because a "redirect" cannot be set on an existing folder on the server or on the site's home page. However, an attacker can create a "redirect" from most locations on the site, can cut off access to existing content other than the homepage, and can "redirect" visitors to a malicious site hosted by the attacker.
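Both flaws described above come down to the same root cause: a REST route registered without a permission_callback, so WordPress never asks whether the caller is allowed to perform the action. The following is an added example, not Rank Math's code, showing how a plugin would register the same two kinds of routes defensively. It uses a made-up namespace "example/v1" and hypothetical callback names; the route paths, parameter names and option name are assumptions. Since WordPress 5.5, register_rest_route() also logs a _doing_it_wrong notice when permission_callback is omitted, which is a useful signal to watch for in development logs.

```php
<?php
/**
 * Added example (not Rank Math's code): hardened registration of two
 * hypothetical REST routes, one updating metadata and one creating a
 * redirect. Each carries the permission_callback the vulnerable endpoints lacked.
 */

// Meta keys that hold WordPress roles/capabilities; never let a REST client write them.
// Assumption: the table prefix is $wpdb->prefix (normally "wp_"), so the key is "wp_capabilities".
function example_is_blocked_meta_key( $key, $object_type ) {
    global $wpdb;
    $blocked = array( $wpdb->prefix . 'capabilities', $wpdb->prefix . 'user_level' );
    return in_array( $key, $blocked, true ) || is_protected_meta( $key, $object_type );
}

add_action( 'rest_api_init', function () {
    // Route 1: update metadata on a post or a user. The permission_callback
    // ties the request to a concrete capability on that specific object.
    register_rest_route( 'example/v1', '/updateMeta', array(
        'methods'             => WP_REST_Server::CREATABLE, // POST
        'callback'            => 'example_update_meta',
        'permission_callback' => function ( WP_REST_Request $request ) {
            $id   = (int) $request->get_param( 'objectID' );
            $type = $request->get_param( 'objectType' );
            if ( $id <= 0 ) {
                return false;
            }
            return 'user' === $type ? current_user_can( 'edit_user', $id )
                                    : current_user_can( 'edit_post', $id );
        },
        'args' => array(
            'objectID'   => array( 'required' => true, 'type' => 'integer', 'sanitize_callback' => 'absint' ),
            'objectType' => array( 'required' => true, 'type' => 'string', 'enum' => array( 'post', 'user' ) ),
            'meta'       => array( 'required' => true, 'type' => 'object' ),
        ),
    ) );

    // Route 2: create a redirect. Restricted to administrators.
    register_rest_route( 'example/v1', '/updateRedirection', array(
        'methods'             => WP_REST_Server::CREATABLE,
        'callback'            => 'example_update_redirection',
        'permission_callback' => function () {
            return current_user_can( 'manage_options' );
        },
        'args' => array(
            'source'      => array( 'required' => true, 'type' => 'string', 'sanitize_callback' => 'sanitize_text_field' ),
            'destination' => array( 'required' => true, 'type' => 'string', 'sanitize_callback' => 'esc_url_raw' ),
        ),
    ) );
} );

function example_update_meta( WP_REST_Request $request ) {
    $id      = (int) $request->get_param( 'objectID' );
    $type    = $request->get_param( 'objectType' );
    $meta    = (array) $request->get_param( 'meta' );
    $updated = array();

    foreach ( $meta as $key => $value ) {
        $key = sanitize_key( $key );
        // Refuse role/capability keys even for callers who may edit the object,
        // so the endpoint can never become a privilege-escalation path.
        if ( example_is_blocked_meta_key( $key, $type ) ) {
            return new WP_Error( 'rest_forbidden_meta', 'Protected meta key: ' . $key, array( 'status' => 403 ) );
        }
        $value = sanitize_text_field( (string) $value );
        if ( 'user' === $type ) {
            update_user_meta( $id, $key, $value );
        } else {
            update_post_meta( $id, $key, $value );
        }
        $updated[] = $key;
    }
    return rest_ensure_response( array( 'updated' => $updated ) );
}

function example_update_redirection( WP_REST_Request $request ) {
    $source      = $request->get_param( 'source' );
    $destination = $request->get_param( 'destination' );

    // Only allow on-site destinations (or hosts whitelisted via the
    // allowed_redirect_hosts filter); off-site targets return the '' default.
    $safe = wp_validate_redirect( $destination, '' );
    if ( '' === $safe ) {
        return new WP_Error( 'rest_bad_destination', 'Off-site redirect destinations are not allowed.', array( 'status' => 400 ) );
    }

    // Persist the rule in an option; the storage choice is an assumption.
    $rules            = get_option( 'example_redirects', array() );
    $rules[ $source ] = $safe;
    update_option( 'example_redirects', $rules );

    return rest_ensure_response( array( 'source' => $source, 'destination' => $safe ) );
}
```

Two design points are worth noting. The permission_callback for the meta route checks a capability on the specific object being modified (edit_post or edit_user for that ID) rather than just "is logged in", and the handler separately refuses the capability-bearing keys, so even an authorized editor cannot turn the endpoint into a role change. The redirect route combines an administrator-only permission check with wp_validate_redirect(), which limits destinations to the site's own host and any hosts explicitly allowed, closing off the external-redirect behaviour the article describes.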
The post Rank Math SEO Plugin vulnerabilities put over 200,000 WordPress sites at risks appeared first on InfoTech News.