CVE-2020-11514
First published: Tue Apr 07 2020(Updated: )
The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to update arbitrary WordPress metadata, including the ability to escalate or revoke administrative privileges for existing users via the unsecured rankmath/v1/updateMeta REST API endpoint.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Rank Math SEO | <=1.0.40.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-11514?
CVE-2020-11514 is considered a critical vulnerability that allows unauthenticated remote attackers to manipulate WordPress metadata.
How do I fix CVE-2020-11514?
To fix CVE-2020-11514, update the Rank Math plugin to version 1.0.40.3 or later.
What can attackers do with CVE-2020-11514?
Attackers can exploit CVE-2020-11514 to update arbitrary WordPress metadata, potentially escalating privileges for existing users.
Which version of Rank Math is affected by CVE-2020-11514?
CVE-2020-11514 affects Rank Math plugin versions up to and including 1.0.40.2.
Is authentication required to exploit CVE-2020-11514?
No, CVE-2020-11514 can be exploited by unauthenticated remote attackers.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/author
- agent/references
- agent/last-modified-date
- agent/severity
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/rankmath
- canonical/rank math seo
- version/rank math seo/1.0.40.2