Red Security

Full Version: Critical RCE Bug in WordPress Plugin Let Hackers Gain Admin Access on 200,000 Website
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
In The Name OF Allah
Al-Salam Alekum

[Image: wordpress+plugin+bug.jpg]

I told you looks like WP having and facing a big hole Big Grin

Quote:Researchers from Wordfence uncovered two RCE vulnerabilities in WordPress SEO plugin called Rank Math let hackers hijack nearly 200,000 vulnerable Websites and gain remote access.


Rank Math is an SEO plugin for WordPress and it gives various SEO features such as Setup Wizard, Google Schema Markup, Optimizes Unlimited Keywords with 200,000 active installations.

The first vulnerability is the most critical one that allows attackers to update arbitrary metadata, including the ability to grant or revoke administrative privileges.

The second vulnerability lets attackers redirect the victims to any website for their choice and any location on the site.

Rank Math’s one of the SEO features allow users to update Metadata on the post. To use this feature, plugin registered a REST-API endpoint that failed to include a permission_callback used for capability checking.

A function called “update_metadata” which you can see in the below image is used to update the slug existing posts or could be used to delete or update metadata for posts which enable this critical vulnerability and it can be exploited



The Source
Wa Salam Alekum