Improper Control of Generation of Code ('Code Injection') Vulnerability Affects Rank Math SEO
CVE-2024-11620

7.2HIGH

Key Information:

Vendor: WordPress
Status: Rank Math Seo
Vendor: CVE Published:; 28 November 2024

What is CVE-2024-11620?

An improper control of code generation vulnerability has been identified in Rank Math SEO, impacting versions up to 1.0.231. This vulnerability allows attackers to exploit code injection techniques, which can lead to unauthorized code execution within the affected product. Users of Rank Math SEO should take immediate steps to update to the latest versions and implement necessary security measures to mitigate potential risks associated with this vulnerability.

Affected Version(s)

Rank Math SEO <= 1.0.231

References

https://patchstack.com/database/wordpress/plugin/seo-by-r...

vdb-entry

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 28, 2024
Vulnerability Reserved
Nov 22, 2024

Credit

Rafie Muhammad (Patchstack)

WordPress

What is CVE-2024-11620?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit