CVE-2020-11514 Scanner - Privilege Escalation vulnerability in Rank Math SEO

Short Info

Level: Critical
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 11 days 18 hours
Scan only one: Domain, Subdomain, IPv4
Toolbox: -

The Rank Math SEO plugin is a popular WordPress plugin used by website administrators, marketers, and bloggers to optimize their sites for search engines. It provides various tools for SEO, such as keyword optimization, SEO analysis, and sitemap generation, enhancing the website's visibility. The plugin is used globally across numerous sites to increase organic traffic and improve visibility on search engine results pages. Although it offers extensive SEO features, users need to ensure its security configurations are regularly updated. Failure to do so can expose sites to vulnerabilities, especially since it is widely deployed across various industries. As such, security and functionality updates are essential to maintain the integrity and performance of websites using this plugin.

The privilege escalation vulnerability in Rank Math SEO arises due to an unprotected REST API endpoint. It allows unauthenticated attackers to update arbitrary WordPress metadata, leading to the escalation or revocation of administrative privileges for existing users. This issue is critical as it permits unauthorized users to potentially gain administrator-level access. Such access can be devastating for websites as it grants significant control over the WordPress environment. The vulnerability, if left unaddressed, can lead to severe security breaches on sites using vulnerable versions of the plugin. Thus, adhering to timely updates and patches is necessary to prevent exploitation.

The vulnerability exists in the rankmath/v1/updateMeta REST API endpoint, which lacks proper authorization checks. Attackers can send a crafted POST request to this endpoint to modify metadata associated with users, especially their permissions and roles. Because the endpoint does not sufficiently verify the authenticity of incoming requests, threat actors can specify arbitrary rank or permission levels and so escalate privileges without authorization. The root cause is the absence of the protective measures that should safeguard sensitive operations such as user metadata updates.

Exploitation of this vulnerability can result in attackers gaining unauthorized administrator-level access, potentially leading to a full takeover of the affected WordPress site. Such control enables malicious actors to install backdoors, modify existing content, and steal data. The attacker can also revoke administrative privileges from legitimate users, effectively locking them out and maintaining continuous unauthorized access. Failure to address this vulnerability can therefore lead to severe data breaches, content manipulation, and reputational damage for the site owner. Keeping plugins updated is crucial in mitigating such risks.
