CVE-2025-12714— Rank Math SEO – AI SEO Tools to Dominate SEO Rankings <= 1.0.271 - Missing Authorization to Unauthenticated Homepage Settings Modification
Possible ATT&CK Techniques 3AI
T1059.007 · JavaScript T1552.003 · Shell History T1505.003 · Web ShellAffected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| rankmath | Rank Math SEO – AI SEO Tools to Dominate SEO Rankings | ≤ 1.0.271 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-12714
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Rank Math SEO – AI SEO Tools to Dominate SEO Rankings <= 1.0.271 - Missing Authorization to Unauthenticated Homepage Settings Modification
Source: NVD (National Vulnerability Database)
Vulnerability Description
The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the update_site_editor_homepage function in all versions up to, and including, 1.0.271. This makes it possible for unauthenticated attackers to modify several plugin settings including homepage title, meta description, breadcrumbs label, and social media metadata, which can have severe impact on SEO rankings and display malicious content across all site pages where breadcrumbs are used.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
授权机制缺失
Source: NVD (National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| rankmath | Rank Math SEO – AI SEO Tools to Dominate SEO Rankings | 0 ~ 1.0.271 | - |
II. Public POCs for CVE-2025-12714
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-12714
请登录查看更多情报信息。
Patches & Fixes for CVE-2025-12714 (3)
Other References for CVE-2025-12714 (1)
Other References for CVE-2025-12714 (1)
IV. Related Vulnerabilities
Same product: Rank Math SEO – AI SEO Tools to Dominate SEO Rankings
- CVE-2024-13229
Rank Math SEO <= 1.0.235 - Missing Authorization to Authenti - CVE-2024-13227
Rank Math SEO – AI SEO Tools to Dominate SEO Rankings <= 1.0 - CVE-2024-9314
Rank Math SEO – AI SEO Tools to Dominate SEO Rankings <= 1.0 - CVE-2024-9161
Rank Math SEO – AI SEO Tools to Dominate SEO Rankings <= 1.0 - CVE-2024-4617
Rank Math SEO with AI Best SEO Tools <= 1.0.218 - Authentica
Same vendor: rankmath
- CVE-2024-13229
Rank Math SEO <= 1.0.235 - Missing Authorization to Authenti - CVE-2024-13227
Rank Math SEO – AI SEO Tools to Dominate SEO Rankings <= 1.0 - CVE-2024-9314
Rank Math SEO – AI SEO Tools to Dominate SEO Rankings <= 1.0 - CVE-2024-9161
Rank Math SEO – AI SEO Tools to Dominate SEO Rankings <= 1.0 - CVE-2024-4617
Rank Math SEO with AI Best SEO Tools <= 1.0.218 - Authentica
V. Comments for CVE-2025-12714
No comments yet