Browse all 4 CVE security advisories affecting Rank Math. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Rank Math is a WordPress SEO plugin that helps optimize content for search engines. Historically, it has been susceptible to cross-site scripting (XSS) and remote code execution (RCE) vulnerabilities, often through insufficient input sanitization and improper access controls. In 2021, a critical RCE flaw (CVE-2021-24796) allowed attackers to execute arbitrary code via the plugin's import functionality. The plugin has also faced privilege escalation issues where lower-privileged users could access sensitive features. While no major public breaches have been widely documented, its four CVEs highlight ongoing security challenges in handling user inputs and maintaining proper access controls within WordPress environments.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-23888 | WordPress Rank Math SEO plugin <= 1.0.107.2 - Local File Inclusion vulnerability (Rank Math SEO, CWE-22) | 7.6 | High | 2024-05-17 |
| CVE-2023-32600 | WordPress Rank Math SEO Plugin <= 1.0.119 is vulnerable to Cross Site Scripting (XSS) (Rank Math SEO, CWE-79) | 6.5 | Medium | 2023-08-05 |

This page lists every published CVE security advisory associated with Rank Math. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.