Skip to main content

Rank Math Seo

1 CVEs product

Monthly

CVE-2026-34892 MEDIUM This Month

Broken access control in the Rank Math SEO WordPress plugin (versions ≤ 1.0.271) allows authenticated subscribers to invoke privileged functionality beyond their authorization level. The missing authorization check (CWE-862) permits low-privileged WordPress Subscriber-role users to manipulate SEO settings or execute actions normally gated to editors or administrators, with a confirmed High integrity impact per CVSS. No active exploitation has been confirmed by CISA KEV and no public exploit code has been identified at time of analysis.

Authentication Bypass Rank Math Seo
NVD
CVSS 3.1
6.5
EPSS
0.3%
EPSS 0% CVSS 6.5
MEDIUM This Month

Broken access control in the Rank Math SEO WordPress plugin (versions ≤ 1.0.271) allows authenticated subscribers to invoke privileged functionality beyond their authorization level. The missing authorization check (CWE-862) permits low-privileged WordPress Subscriber-role users to manipulate SEO settings or execute actions normally gated to editors or administrators, with a confirmed High integrity impact per CVSS. No active exploitation has been confirmed by CISA KEV and no public exploit code has been identified at time of analysis.

Authentication Bypass Rank Math Seo
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy