CVE-2024-13229
📋 TL;DR
The Rank Math SEO WordPress plugin contains an authorization flaw that lets authenticated users with Contributor-level access or higher delete schema metadata from any post, including posts they do not own. It affects every WordPress site running Rank Math SEO versions up to and including 1.0.235. The root cause is a missing capability check in the plugin's update_metadata() function, which is reached through the REST API.
💻 Affected Systems
- Rank Math SEO - AI SEO Tools to Dominate SEO Rankings
📦 What is this software?
Rank Math SEO, a WordPress search-engine-optimization plugin (plugin slug: seo-by-rank-math).
⚠️ Risk & Real-World Impact
Worst Case
Malicious contributors could systematically delete SEO metadata across all posts, damaging search engine rankings and requiring manual restoration of metadata.
Likely Case
Disgruntled or compromised contributor accounts delete SEO metadata from important posts, causing temporary SEO disruption until detected and restored.
If Mitigated
With proper user access controls and monitoring, impact is limited to minor metadata loss on a few posts before detection.
🎯 Exploit Status
Exploitation requires an authenticated account with Contributor-level access or higher; once authenticated, it is technically simple.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.0.236 and later
Vendor Advisory: https://rankmath.com/changelog/free/page/2/
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the Rank Math SEO plugin.
4. Click 'Update Now' if available.
5. Alternatively, download version 1.0.236 or later from WordPress.org and update manually.
🔧 Temporary Workarounds
Restrict Contributor Access
Temporarily remove Contributor role access or downgrade suspicious users to the Subscriber role until patched.
Disable Plugin
Deactivate the Rank Math SEO plugin until it can be updated, if the loss of SEO functionality in the meantime is acceptable.
🧯 If You Can't Patch
- Implement strict user access controls and monitor contributor activity closely
- Regularly backup WordPress database and files to enable metadata restoration if deleted
🔍 How to Verify
Check if Vulnerable:
In the WordPress admin panel, go to Plugins → Installed Plugins and read the Rank Math SEO version. If it is 1.0.235 or lower, the site is vulnerable.
Check Version:
wp plugin list --name='seo-by-rank-math' --field=version
Verify Fix Applied:
After updating, verify Rank Math SEO plugin version is 1.0.236 or higher in WordPress admin plugins page.
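The following shell script is an added example, not part of the advisory or the vendor's tooling. It wraps the WP-CLI command above in a numeric version comparison so that, for instance, 1.0.99 is correctly treated as older than 1.0.236 (a plain string comparison gets that wrong). The fixed version is taken from the advisory; the default WordPress path is an assumed placeholder.

```sh
#!/bin/sh
# Added example: check an installed Rank Math SEO version against the fixed release.
# FIXED_VERSION comes from the advisory; everything else here is illustrative.
FIXED_VERSION="1.0.236"

# version_lt A B: succeed (exit 0) when version A is numerically older than B.
# Compares dot-separated fields as integers, so 1.0.99 < 1.0.236, which a plain
# string comparison would get wrong. Non-digit characters in a field are ignored.
version_lt() {
  a="$1"
  b="$2"
  while [ -n "$a" ] || [ -n "$b" ]; do
    ax=$(printf '%s' "${a%%.*}" | tr -cd '0-9')
    bx=$(printf '%s' "${b%%.*}" | tr -cd '0-9')
    ax=${ax:-0}
    bx=${bx:-0}
    if [ "$ax" -lt "$bx" ]; then return 0; fi
    if [ "$ax" -gt "$bx" ]; then return 1; fi
    case $a in *.*) a=${a#*.} ;; *) a="" ;; esac
    case $b in *.*) b=${b#*.} ;; *) b="" ;; esac
  done
  return 1   # equal versions are not "less than"
}

# rank_math_vulnerable VERSION: succeed when VERSION is below the fixed release.
rank_math_vulnerable() {
  version_lt "$1" "$FIXED_VERSION"
}

# check_site: read the installed version with the WP-CLI command from the advisory
# and report. WP_PATH defaults to an assumed placeholder; set it for your install.
check_site() {
  wp_path="${WP_PATH:-/var/www/html}"
  installed=$(wp plugin list --name='seo-by-rank-math' --field=version --path="$wp_path" 2>/dev/null) || installed=""
  if [ -z "$installed" ]; then
    echo "Could not read plugin version (WP-CLI missing or plugin not installed)"
    return 2
  fi
  if rank_math_vulnerable "$installed"; then
    echo "VULNERABLE: Rank Math SEO $installed is below $FIXED_VERSION (CVE-2024-13229)"
    return 1
  fi
  echo "OK: Rank Math SEO $installed is $FIXED_VERSION or later"
  return 0
}

# The live check only runs when invoked as: sh check-rank-math.sh --run
case "${1:-}" in --run) check_site ;; esac
```

The exit code of check_site (0 patched, 1 vulnerable, 2 unknown) makes it usable from a cron job or a fleet-wide loop over several WordPress roots.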
📡 Detection & Monitoring
Log Indicators:
- Unusual metadata deletion events in WordPress activity or audit logs (core WordPress does not record metadata changes, so an audit-log plugin is needed to see them)
- Multiple schema metadata deletions by contributor accounts
Network Indicators:
- POST requests to /wp-json/rankmath/v1/updateMeta endpoint from contributor accounts
SIEM Query:
source="wordpress" AND (event="metadata_deletion" OR endpoint="/wp-json/rankmath/v1/updateMeta") AND user_role="contributor"
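As an added example that is not part of the advisory, the following shell snippet applies the network indicator above to web-server access logs: it counts POST requests to the updateMeta REST route per client address and flags addresses that exceed a threshold. The log lines are constructed for illustration. Access logs identify the client address, not the WordPress account or its role, so a flagged address still has to be matched against an audit-log plugin's records to confirm which user was behind it.

```sh
#!/bin/sh
# Added example: surface the advisory's network indicator in web-server access logs.
# Counts POST requests to the Rank Math updateMeta REST route per client address.

# Constructed sample lines in Apache/nginx combined log format (not real traffic).
# Addresses are taken from the RFC 5737 documentation ranges.
SAMPLE_LOG='203.0.113.10 - - [01/Jan/2025:10:00:01 +0000] "POST /wp-json/rankmath/v1/updateMeta HTTP/1.1" 200 87 "-" "Mozilla/5.0"
203.0.113.10 - - [01/Jan/2025:10:00:02 +0000] "POST /wp-json/rankmath/v1/updateMeta HTTP/1.1" 200 87 "-" "Mozilla/5.0"
203.0.113.10 - - [01/Jan/2025:10:00:03 +0000] "POST /wp-json/rankmath/v1/updateMeta?_locale=user HTTP/1.1" 200 87 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Jan/2025:10:05:00 +0000] "POST /wp-json/rankmath/v1/updateMeta HTTP/1.1" 200 87 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Jan/2025:10:06:00 +0000] "GET /wp-json/rankmath/v1/updateMeta HTTP/1.1" 405 42 "-" "Mozilla/5.0"
192.0.2.44 - - [01/Jan/2025:10:07:00 +0000] "POST /wp-json/wp/v2/posts/12 HTTP/1.1" 200 512 "-" "Mozilla/5.0"'

# updatemeta_posts_by_ip: stdin = access-log lines; stdout = "<ip> <count>" for
# POSTs whose path is the updateMeta route (with or without a query string),
# busiest address first. GETs and other REST routes are ignored.
updatemeta_posts_by_ip() {
  awk '$6 == "\"POST" && $7 ~ /^\/wp-json\/rankmath\/v1\/updateMeta([?]|$)/ { hits[$1]++ }
       END { for (ip in hits) print ip, hits[ip] }' | sort -k2,2nr -k1,1
}

# flag_burst_sources THRESHOLD: print addresses with more than THRESHOLD matching
# POSTs. The threshold is a tuning knob; legitimate editors saving schema hit the
# same route, so pick it from a baseline of normal editing activity.
flag_burst_sources() {
  updatemeta_posts_by_ip | awk -v t="$1" '$2 > t { print $1 }'
}

# Against a real log (placeholder path): flag_burst_sources 20 < /var/log/nginx/access.log
printf '%s\n' "$SAMPLE_LOG" | updatemeta_posts_by_ip
```

On the constructed sample the report lists 203.0.113.10 with three hits and 198.51.100.7 with one; the GET and the unrelated wp/v2 request are not counted. Pair the address-level result with the SIEM query above, which keys on the user role, to confirm that the traffic came from a Contributor account.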
🔗 References
- https://plugins.trac.wordpress.org/browser/seo-by-rank-math/trunk/includes/rest/class-shared.php#L169
- https://plugins.trac.wordpress.org/changeset/3222905/
- https://rankmath.com/changelog/free/page/2/
- https://wordpress.org/plugins/seo-by-rank-math/#developers
- https://www.wordfence.com/threat-intel/vulnerabilities/id/5776f689-56dd-413d-b02d-5551b97dd5eb?source=cve