Two major security vulnerabilities found in the WordPress SEO plugin Rank Math

Wordfence researchers discovered two vulnerabilities in the Rank Math WordPress SEO plugin. According to their research, attackers could use these two vulnerabilities to hijack the 200,000 websites running vulnerable versions and gain remote access to them.

According to reports, the Rank Math WordPress plugin is used to write SEO-friendly content and rank higher in search engines. One of Rank Math's SEO features allows users to update the metadata of posts. To provide this function, the plugin registers a REST-API endpoint, "rankmath/v1/updateMeta", which was registered without a permission_callback, so no permission check was performed on requests to it.

According to reports, the first vulnerability is also the most serious: it allows attackers to update arbitrary metadata, including the ability to grant or revoke administrator rights. According to the Wordfence report, WordPress user permissions are stored in the "usermeta" table, which means that an unauthenticated attacker could grant any registered user administrator permissions and remove the permissions of existing administrators. If the site has only one administrator, an attacker could lock that administrator out of the site.

The second vulnerability in this plugin can be used to create "redirects" on the site; the redirect feature is exposed through another registered REST-API endpoint. The researchers say that, because of how the vulnerability works, a "redirect" cannot be set on an existing folder on the server or on the site's homepage. However, an attacker could create a "redirect" from most other locations on the site, could lock visitors out of existing content other than the home page, and could "redirect" visitors to a malicious site hosted by the attacker.
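An illustration of the root cause shared by both endpoints and of the fix, added here as an example; it is not Rank Math's own code, and the route name, meta keys and function names are hypothetical:

```php
<?php
// Added example, not the plugin's source. A REST route registered without
// 'permission_callback' is executed for unauthenticated requests; the hardened
// form checks capability first and confines the callback to a fixed set of keys.

// Vulnerable pattern (the shape the article describes):
add_action( 'rest_api_init', function () {
    register_rest_route( 'example/v1', '/updateMeta', array(
        'methods'  => 'POST',
        'callback' => 'example_update_meta',
        // No 'permission_callback' here: anyone who can reach the site may call it.
    ) );
} );

// Hardened pattern (use this registration instead of the one above):
add_action( 'rest_api_init', function () {
    register_rest_route( 'example/v1', '/updateMeta', array(
        'methods'             => 'POST',
        'callback'            => 'example_update_meta',
        // Only a user allowed to edit the target post may change its meta.
        'permission_callback' => function ( WP_REST_Request $request ) {
            return current_user_can( 'edit_post', (int) $request['post_id'] );
        },
        'args' => array(
            'post_id' => array( 'required' => true, 'validate_callback' => 'is_numeric' ),
            'key'     => array( 'required' => true, 'sanitize_callback' => 'sanitize_key' ),
            'value'   => array( 'required' => true ),
        ),
    ) );
} );

function example_update_meta( WP_REST_Request $request ) {
    // Allow-list the SEO keys this endpoint exists for, so user meta such as
    // capabilities can never be reached through it, whatever the caller sends.
    $allowed = array( 'example_seo_title', 'example_seo_description' );
    $key     = $request['key'];
    if ( ! in_array( $key, $allowed, true ) ) {
        return new WP_Error( 'rest_forbidden', 'Unknown meta key', array( 'status' => 403 ) );
    }
    // Post meta only; this callback never touches update_user_meta().
    update_post_meta( (int) $request['post_id'], $key, sanitize_text_field( $request['value'] ) );
    return rest_ensure_response( array( 'updated' => true ) );
}
```

Since WordPress 5.5, register_rest_route() logs a notice when 'permission_callback' is omitted, which is a useful signal to grep plugin code for during review.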

Origin www.linuxidc.com/Linux/2020-04/162831.htm