Browse all 4 CVE security advisories affecting Rank Math. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Rank Math is a WordPress SEO plugin that helps optimize content for search engines. Historically, it has been susceptible to cross-site scripting (XSS) and remote code execution (RCE) vulnerabilities, often through insufficient input sanitization and improper access controls. In 2021, a critical RCE flaw (CVE-2021-24796) allowed attackers to execute arbitrary code via the plugin's import functionality. The plugin has also faced privilege escalation issues where lower-privileged users could access sensitive features. While no major public breaches have been widely documented, its four CVEs highlight ongoing security challenges in handling user inputs and maintaining proper access controls within WordPress environments.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2022-36376 | WordPress Rank Math SEO plugin <= 1.0.95 - Server-Side Request Forgery (SSRF) vulnerability — Rank Math SEO (WordPress plugin)CWE-918 | 6.8 | Medium | 2022-09-09 |
This page lists every published CVE security advisory associated with Rank Math. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.