
CVE-2024-9161 Scanner

CVE-2024-9161 Scanner - Missing Authorization vulnerability in Rank Math SEO plugin for WordPress

Short Info

Level: Medium
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 24 days 19 hours
Scan only one: Domain, Subdomain, IPv4


Rank Math SEO plugin for WordPress is a popular tool used by website owners, bloggers, and digital marketers to enhance the search engine optimization (SEO) of their websites. It provides various SEO features such as keyword optimization, sitemap generation, and on-page SEO analysis, helping users improve their site's ranking on search engines. The plugin is particularly favored among WordPress users due to its user-friendly interface and integration capabilities. It supports multiple websites and offers advanced options for those looking to optimize their site's visibility. Rank Math helps diagnose SEO issues and provides actionable suggestions, making it a preferred choice for SEO enhancement.

The vulnerability in the Rank Math SEO plugin is a missing authorization check in the 'update_metadata' function. It allows unauthenticated attackers to insert, update, or delete metadata without the necessary permissions. User and term metadata are affected, which could lead to data loss or unauthorized changes to access. Because the plugin does not properly validate who is making the request, affected websites are open to manipulation. If exploited, attackers can perform unauthorized operations, severely impacting the site's integrity and access control. Ensuring authorization checks are in place is crucial for maintaining security.

Technically, the vulnerability stems from inadequate capability checks on metadata operations. The plugin accepts HTTP requests to specific endpoints, such as 'updateMeta', without requiring proper authentication. These endpoints accept parameters for metadata types and values, which attackers can manipulate. The plugin does not verify that the requester is permitted to perform these operations. A successful attack relies on crafting specific requests to manipulate the internal metadata structures. A JSON response to such a request indicates that the plugin accepted it.
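The kind of per-object capability check whose absence is described above, as an added example (not Rank Math's code and not from this page). The `example/v1` namespace, the `object_type`, `object_id` and `meta` parameter names, the meta keys and the `example_*` function names are all hypothetical; the WordPress functions called are core APIs.

```php
<?php
// Added illustration, not the plugin's code. Route, parameter and function
// names are hypothetical; the WordPress calls are core APIs.

add_action( 'rest_api_init', function () {
	register_rest_route( 'example/v1', '/updateMeta', array(
		'methods'             => 'POST',
		'callback'            => 'example_update_meta',
		// Weak form: '__return_true' here lets any visitor reach the callback.
		'permission_callback' => 'example_can_edit_object',
		'args'                => array(
			'object_type' => array( 'required' => true, 'type' => 'string', 'enum' => array( 'post', 'term', 'user' ) ),
			'object_id'   => array( 'required' => true, 'type' => 'integer', 'minimum' => 1 ),
			'meta'        => array( 'required' => true, 'type' => 'object' ),
		),
	) );
} );

// Authorize against the specific object being changed, not just "logged in".
function example_can_edit_object( WP_REST_Request $request ) {
	$caps = array( 'post' => 'edit_post', 'term' => 'edit_term', 'user' => 'edit_user' );
	$type = (string) $request->get_param( 'object_type' );
	$id   = absint( $request->get_param( 'object_id' ) );

	if ( ! isset( $caps[ $type ] ) || ! $id ) {
		return new WP_Error( 'example_bad_target', 'Unknown object type or ID.', array( 'status' => 400 ) );
	}
	if ( ! current_user_can( $caps[ $type ], $id ) ) {
		// 401 for anonymous callers, 403 for logged-in users lacking the capability.
		return new WP_Error( 'example_forbidden', 'You cannot edit this object.', array( 'status' => rest_authorization_required_code() ) );
	}
	return true;
}

function example_update_meta( WP_REST_Request $request ) {
	$type    = (string) $request->get_param( 'object_type' );
	$id      = absint( $request->get_param( 'object_id' ) );
	$allowed = array( 'example_title', 'example_description' ); // hypothetical key allowlist

	foreach ( (array) $request->get_param( 'meta' ) as $key => $value ) {
		if ( ! in_array( $key, $allowed, true ) ) {
			continue; // users may edit their own profile, so never accept arbitrary keys
		}
		update_metadata( $type, $id, $key, sanitize_text_field( $value ) );
	}
	return rest_ensure_response( array( 'updated' => true ) );
}
```

The key allowlist matters as much as the capability check: a user who is allowed to edit their own record should still not be able to write role or capability metadata through a generic endpoint.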

Exploiting this vulnerability could lead to several negative consequences, including data manipulation or deletion. Malicious actors may insert misleading information or erase critical data, causing administration and management challenges. Legitimate users may also be denied access if attackers alter user metadata. Widespread exploitation might disrupt the SEO capabilities of affected websites, undermining their search engine presence. Users or clients may also lose trust in a site they perceive as negligent about data security.
