Rank Math is a WordPress SEO plugin that offers various SEO features such as Setup Wizard, Google Schema Markup, Optimizes Limitless Keywords with 200,000 active users. The first vulnerability, including the ability to grant or revoke administrative rights, is the most critical that enables attackers to change arbitrary Metadata. Here is the steps to fix admin login hack issue. The second weakness allows attackers to forward victims to any website and anywhere on the internet. One of the SEO features in Rank Math enables users to update Metadata on the post. To use this function, a REST-API endpoint has been registered, which could not be used for permission callback checking. A “update_metadata” feature that can be seen on the image below can be used to check the current slow posts or to delete or update posting metadata that allows and can be abused by this crucial vulnerability. Vulnerable REST route The attacker could lock an administrator out of his website if the site has the single administrative right. The second limitation that occurs in an on-site redirect module is the functionality that can be used when a REST-API endpoint is registered, which can not again include permission callback to validate the capacity. The attacker would also lock up the existing content on the internet, other than the home page, and redirect all users to the attacker’s malicious website. According to the researchers “The redirect could not be set to an existing file or folder on the server, including the site’s main page. This limited the damage to some extent in that, while an attacker could create a redirect from most locations on the site, including new location”
