Critical Security Flaw in Rank Math WordPress SEO Plugin Puts 2 Million Sites at Risk

Discover the latest warning from security experts regarding an XSS vulnerability found in the popular Rank Math SEO plugin, impacting over 2 million WordPress websites. Stay informed to protect your site from potential cyber threats.

Rank Math SEO Plugin

The Rank Math SEO plugin, which has more than 2 million users, has recently fixed a stored cross-site scripting (XSS) vulnerability. The flaw could allow an attacker to inject malicious scripts into pages and have them run in the browsers of visitors.

Rank Math is a widely-used SEO plugin with over 2 million installations. It offers a wide range of functions such as keyword tracking, integration with Schema.org structured data, Google Search Console and Analytics integration, a redirect manager, and more. This makes it a comprehensive solution for technical and on-page SEO without the need for additional plugins.

One feature that users love is its modular design, allowing users to select the features they need and disable those they don't. This can help optimize website performance and speed.

Many people consider Rank Math as a substitute for Yoast. When comparing the two, it is evident that Rank Math is smaller, with 61.1k lines of code compared to Yoast's 97.1k lines. Additionally, Rank Math utilizes fewer server resources, only requiring +0.35 MB of memory as opposed to Yoast's +1.62 MB.

Authenticated Stored Cross-Site Scripting

Wordfence WordPress security researchers recently published an advisory about a vulnerability in the Rank Math SEO plugin that allows stored cross-site scripting (XSS).

A stored XSS vulnerability lets an attacker save a malicious script on the site so that it executes in the browser of every user who views the affected page. This can lead to the theft of session cookies, giving the attacker unauthorized access to the site and potentially exposing sensitive data.

Lack of Proper Input Sanitization and Output Escaping

The vulnerability stems from a lack of proper input sanitization and output escaping. This is a common root cause of XSS vulnerabilities, especially in plugins that accept user-supplied data or uploads.

Input sanitization filters out unwanted content, such as scripts or HTML markup, from fields that are expected to contain only plain text. Output escaping encodes user-supplied data before it is written into a page so that any markup it contains is displayed as text rather than interpreted by the browser. Wordfence's advisory describes the issue as follows.

The Rank Math SEO with AI SEO Tools plugin for WordPress is vulnerable to stored cross-site scripting via the HowTo block attributes in all versions up to and including 1.0.214, because the plugin does not sufficiently sanitize input and escape output for user-supplied attributes.

As a result, authenticated attackers with contributor-level access or higher can inject arbitrary web scripts into pages, and those scripts execute whenever a user visits the affected page.
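The two pieces the advisory names, input sanitization and output escaping, are shown below in an added example that is not Rank Math's own code. It renders a HowTo-style block whose contributor-supplied attributes (an assumed shape of `title` plus `steps` with `name` and `text`) are first interpolated straight into markup, and then rendered again with sanitization on the way in and context-appropriate escaping on the way out.

```javascript
// Added example (not Rank Math's code). Block shape is an assumption:
// { title, steps: [{ name, text }] }, all values typed by a contributor.

const ESCAPE_MAP = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Output escaping: encode the characters that can change how HTML is parsed,
// so the browser shows them as text. Covers element content and quoted attributes.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ESCAPE_MAP[ch]);
}

// Input sanitization (defence in depth): these fields are plain text, so strip
// any tags before the attribute is stored. Escaping is still required on output.
function sanitizePlainText(value) {
  return String(value).replace(/<[^>]*>/g, "").trim();
}

// Vulnerable pattern: user-supplied attributes dropped into the markup unchanged.
function renderHowToUnsafe(block) {
  const steps = block.steps
    .map((s) => `<li data-step="${s.name}">${s.text}</li>`)
    .join("");
  return `<section class="howto"><h2>${block.title}</h2><ol>${steps}</ol></section>`;
}

// Hardened pattern: sanitize on save, escape every value at render time.
function renderHowToSafe(block) {
  const title = sanitizePlainText(block.title);
  const steps = block.steps
    .map((s) => ({ name: sanitizePlainText(s.name), text: sanitizePlainText(s.text) }))
    .map((s) => `<li data-step="${escapeHtml(s.name)}">${escapeHtml(s.text)}</li>`)
    .join("");
  return `<section class="howto"><h2>${escapeHtml(title)}</h2><ol>${steps}</ol></section>`;
}

// Constructed sample: markup and a double quote saved into text-only fields.
const SAMPLE_BLOCK = {
  title: "Brew <em>good</em> coffee",
  steps: [{ name: 'grind "coarse"', text: "Grind <b>fresh</b> beans" }],
};

console.log(renderHowToUnsafe(SAMPLE_BLOCK));
console.log(renderHowToSafe(SAMPLE_BLOCK));
```

In the unsafe output the `<b>` tag is live and the quote in `name` closes the `data-step` attribute early; in the hardened output the same values survive only as text.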

Rank Math’s update changelog is transparent and responsible, detailing the changes made in the plugin and the reasons behind them. This helps users understand the significance of each update and enables them to decide how urgently they need to update.

Furthermore, the changelog clearly identifies any vulnerabilities that have been fixed.

"Enhanced the security of the HowTo Block plugin to protect against any misuse by users with post edit access. A big thank you to WordFence for identifying and reporting this issue responsibly."

Read the official Wordfence advisory:

Rank Math SEO with AI SEO Tools <= 1.0.214 – Authenticated(Contributor+) Stored Cross-Site Scripting via HowTo block attributes

See also:

The WordPress Security Guide To Keep Your Site Safe

WordPress Security: 16 Steps to Secure & Protect Your Site

Featured Image by Shutterstock/Roman Samborskyi

Editor's P/S:

This article highlights a critical vulnerability that affected the widely-used Rank Math SEO plugin, emphasizing the importance of proper input sanitization and output escaping to prevent stored XSS vulnerabilities. The disclosure of this vulnerability underscores the ongoing challenges in maintaining software security and the need for developers to prioritize security measures.

It is commendable that the Rank Math team promptly addressed the vulnerability and released a transparent changelog detailing the security enhancements. This demonstrates their commitment to user security and provides valuable information for website owners to make informed decisions about updating their plugins. The incident also serves as a reminder to website owners to regularly check for updates and apply security patches to protect their websites from potential threats. The cooperation between Wordfence and the Rank Math team is likewise commendable, demonstrating the importance of responsible disclosure and cooperation in the security community.