CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11620 – WordPress Rank Math SEO plugin <= 1.0.231 - Arbitrary .htaccess Overwrite to Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-11620
Improper Control of Generation of Code ('Code Injection') vulnerability in Rank Math SEO allows Code Injection.This issue affects Rank Math SEO: from n/a through 1.0.231. La vulnerabilidad de control inadecuado de generación de código ('Inyección de código') en Rank Math SEO permite la inyección de código. Este problema afecta a Rank Math SEO: desde n/a hasta 1.0.231. The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0.231. This makes it possible for authenticated attackers, with Administrator-level access and above, to execute code on the server. • https://patchstack.com/database/wordpress/plugin/seo-by-rank-math/vulnerability/wordpress-rank-math-seo-plugin-1-0-231-arbitrary-htaccess-overwrite-to-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2023-23888 – WordPress Rank Math SEO plugin <= 1.0.107.2 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2023-23888
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Rank Math Rank Math SEO allows Path Traversal.This issue affects Rank Math SEO: from n/a through 1.0.107.2. Limitación incorrecta de un nombre de ruta a una vulnerabilidad de directorio restringido ("Path Traversal") en Rank Math Rank Math SEO permite Path Traversal. Este problema afecta a Rank Math SEO: desde n/a hasta 1.0.107.2. The RankMath SEO plugin for WordPress is vulnerable to Local File Inclusion via the 'update_schemas' and 'get_snippet_content' functions. This allows authenticated attackers, with contributor-level permissions and above, to include and execute arbitrary PHP files on the server, allowing the execution of any PHP code in those files. • https://patchstack.com/database/vulnerability/seo-by-rank-math/wordpress-rank-math-seo-plugin-1-0-107-2-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •