Browse all 3 CVE security advisories affecting Rank Math SEO. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Rank Math SEO is a WordPress plugin designed to optimize websites for search engines through features like meta descriptions, sitemaps, and schema markup. Historically, it has been susceptible to multiple critical vulnerabilities including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation, with three CVEs documented. The plugin's extensive functionality and broad user base have made it a target for attackers seeking to exploit these flaws for unauthorized access or website compromise. Security researchers have identified issues stemming from insufficient input validation and improper permission checks, highlighting the risks of maintaining complex SEO tools with extensive system privileges.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-64351 | WordPress Rank Math SEO plugin <= 1.0.252.1 - Sensitive Data Exposure vulnerability — Rank Math SEOCWE-201 | 4.3 | Medium | 2025-10-31 |
| CVE-2025-64350 | WordPress Rank Math SEO plugin <= 1.0.252.1 - Broken Access Control vulnerability — Rank Math SEOCWE-862 | 3.8 | Low | 2025-10-31 |
| CVE-2024-11620 | WordPress Rank Math SEO plugin <= 1.0.231 - Arbitrary .htaccess Overwrite to Remote Code Execution (RCE) vulnerability — Rank Math SEOCWE-94 | 7.2 | High | 2024-11-28 |
This page lists every published CVE security advisory associated with Rank Math SEO. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.