CVE-2024-9161 PoC — Rank Math SEO – AI SEO Tools to Dominate SEO Rankings <= 1.0.228 - Missing Authorization to Unauthenticated User and Ter

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-9161.yaml

Associated Vulnerability

Title:Rank Math SEO – AI SEO Tools to Dominate SEO Rankings <= 1.0.228 - Missing Authorization to Unauthenticated User and Term Metadata Insert, Update, and Delete (CVE-2024-9161)
Description:The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'update_metadata' function in all versions up to, and including, 1.0.228. This makes it possible for unauthenticated attackers to insert new and update existing metadata beginning with 'rank_math', and delete arbitrary existing user metadata and term metadata. Deleting existing usermeta can cause a loss of access to the administrator dashboard for any registered users, including Administrators.

Description

Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress contains a missing capability check on 'update_metadata' in all versions up to 1.0.228, letting unauthenticated attackers insert, update, or delete metadata, including user and term metadata, potentially causing loss of access to the admin dashboard.

File Snapshot


 id: CVE-2024-9161

info:
  name: Rank Math SEO < 1.0.229 - Unauthenticated User and Term Metadata In

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!