The Rank Math plugin up to and including 1.0.40.2 for WordPress allows unauthenticated remote malicious users to create new URIs (that redirect to an external web site) via the unsecured rankmath/v1/updateRedirection REST API endpoint. In other words, this is not an "Open Redirect" issue; instead, it allows the malicious user to create a new URI with an arbitrary name (e.g., the /exampleredirect URI).
Vulnerable Product |
---|
rankmath seo |