CVE-2024-11620: WordPress Rank Math SEO plugin <= 1.0.231 - Arbitrary .htaccess Overwrite to Remote Code Execution (RCE) vulnerability

7.2 CVSS

Description

Improper Control of Generation of Code ('Code Injection') vulnerability in Rank Math SEO allows Code Injection. This issue affects Rank Math SEO: from n/a through 1.0.231.

Classification

CVE ID: CVE-2024-11620

CVSS Base Severity: HIGH

CVSS Base Score: 7.2

Affected Products

Vendor: Rank Math SEO

Product: Rank Math SEO

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.44% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-02-03 (date this score was calculated)

References

https://patchstack.com/database/wordpress/plugin/seo-by-rank-math/vulnerability/wordpress-rank-math-seo-plugin-1-0-231-arbitrary-htaccess-overwrite-to-remote-code-execution-rce-vulnerability?_s_id=cve

Timeline