Rank Math SEO Plugin vulnerabilities put over 200,000 WordPress sites at risks
WordPress (WP, WordPress.org) is a free and open-source content management system (CMS) written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system, referred to within WordPress as Themes. WordPress was originally created as a blog-publishing system but has evolved to support other types of web content including more traditional mailing lists and forums, media galleries, membership sites, learning management systems (LMS), and online stores. WordPress is used by more than 60 million websites, including 33.6% of the top 10 million websites as of April 2019, WordPress is one of the most popular content management system solutions in use. WordPress has also been used for other application domains such as pervasive display systems (PDS). If you have a WordPress site and want to earn money, please read this page to get more information.
Recently, Wordfence researchers found two vulnerabilities in the Rank Math WordPress SEO plugin. According to research, hackers can hijack 200,000 vulnerable websites through these two vulnerabilities and gain remote access.
It is reported that Rank Math WordPress plugin for writing SEO-friendly content and ranking higher in search engines. It is understood that one of Rank Math’s SEO functions is to allow users to update the metadata on posts. In order to use this function, the plugin registers a “REST-API” endpoint, “rankmath/v1/updateMeta, which failed to include a permission_callback used for capability checking.”
It is reported that the first vulnerability is also the most serious, and it allows attackers to update arbitrary metadata, including the ability to grant or revoke administrator rights. According to the WordFence report, WordPress user permissions are stored in the “usermeta” form library, which means that an unauthenticated attacker can grant any registered user administrative permissions and delete the existing administrator permissions. If the site has only a single administrative authority, then the attacker can lock its administrator out of his site.
The second vulnerability in the module can be used to create a “redirect” on the site, and the feature can be used by registering a REST-API endpoint. The researchers said that due to the impact caused by the vulnerability is very large, users can not set the “redirect” on the server’s existing folder or site home page. However, an attacker can create a “redirect” from most locations on the site, and can also set access permissions to existing content on the locked site other than the homepage, and “redirect” the visitor to a malicious site which was hosted by the attacker.