Rank Math SEO Missing Capability Check Vulnerability Allowing Unauthorized Schema Metadata Deletion

Vulnerability

A vulnerability exists in the Rank Math SEO plugin for WordPress, specifically in versions through 1.0.235. The issue arises from a missing capability check in the update_metadata() function, which allows authenticated attackers with Contributor-level access or higher to delete schema metadata from any post. This unauthorized data loss could disrupt the SEO functionality of affected posts by removing critical schema information.
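The class of bug described above, as an added example that is not code from the Rank Math plugin: a WordPress REST handler that deletes post meta, with a role-wide check shown beside the object-level check that ties the request to the targeted post. The route namespace, function names and the meta key `example_schema` are hypothetical.

```php
<?php
// Added illustration. The route, the function names and the meta key
// 'example_schema' are hypothetical and are not taken from Rank Math.

add_action( 'rest_api_init', function () {
    register_rest_route( 'example/v1', '/schema/(?P<id>\d+)', array(
        'methods'             => 'DELETE',
        'callback'            => 'example_delete_schema',
        // Object-level check: 'edit_post' is resolved against the post named
        // in the request, not against the caller's role in general.
        'permission_callback' => 'example_can_edit_target_post',
    ) );
} );

// WEAK (shown for contrast, not registered): every Contributor holds
// 'edit_posts', so this passes no matter whose post is targeted.
function example_weak_permission_check() {
    return current_user_can( 'edit_posts' );
}

// HARDENED: the caller must be allowed to edit this specific post.
function example_can_edit_target_post( WP_REST_Request $request ) {
    $post_id = absint( $request['id'] );
    if ( ! $post_id || ! get_post( $post_id ) ) {
        return new WP_Error( 'example_not_found', 'Post not found.', array( 'status' => 404 ) );
    }
    if ( ! current_user_can( 'edit_post', $post_id ) ) {
        return new WP_Error(
            'example_forbidden',
            'You are not allowed to edit this post.',
            array( 'status' => rest_authorization_required_code() )
        );
    }
    return true;
}

function example_delete_schema( WP_REST_Request $request ) {
    $post_id = absint( $request['id'] );
    // Defence in depth: repeat the check next to the destructive call, so the
    // function stays safe if it is later reached from another code path.
    if ( ! current_user_can( 'edit_post', $post_id ) ) {
        return new WP_Error( 'example_forbidden', 'Forbidden.', array( 'status' => 403 ) );
    }
    $deleted = delete_post_meta( $post_id, 'example_schema' );
    return rest_ensure_response( array( 'deleted' => $deleted ) );
}
```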

Impact

Exploitation of this vulnerability allows for the arbitrary deletion of schema metadata from posts, which could negatively affect the SEO performance of those posts by removing important structured data.

Remediation

Users can update to Rank Math SEO version 1.0.236 or later to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 7.6
impact: 0.6
exploitability: 6.1
remediation: 7.7
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.