A second vulnerability could be used to prevent access to almost all of a site’s existing content, by simply redirecting visitors. A pair of security vulnerabilities in the WordPress search engine optimization (SEO) plugin, known as Rank Math, could allow remote cybercriminals to elevate privileges and install malicious redirects onto a target site, according to researchers. It’s a WordPress plugin with more than 200,000 installations. According to researchers with Wordfence, one of the flaws is critical (10 out of 10 on the CVSSv3 vulnerability severity scale). It could allow an unauthenticated attacker to update arbitrary metadata. This can be abused to grant or revoke administrative privileges for any registered user on the site.
Source: Threatpost
