{"id":2349,"date":"2024-03-28T11:22:13","date_gmt":"2024-03-28T11:22:13","guid":{"rendered":"https:\/\/certera.com\/blog\/?p=2349"},"modified":"2024-03-28T11:22:15","modified_gmt":"2024-03-28T11:22:15","slug":"rank-math-seo-plugin-vulnerability-leaves-2-million-wordpress-websites-open-to-attack","status":"publish","type":"post","link":"https:\/\/certera.com\/blog\/rank-math-seo-plugin-vulnerability-leaves-2-million-wordpress-websites-open-to-attack\/","title":{"rendered":"Rank Math SEO Plugin Vulnerability Leaves 2 million+ WordPress Websites Open to Attack"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\"><strong>The widely used Rank Math SEO plugin, which has over two million users, has addressed a Stored Cross-Site Scripting vulnerability that allows malicious scripts to be uploaded and attacks to be launched.<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Rank Math SEO plugin has been found to have a Stored Cross-Site Scripting (XSS) vulnerability that affects more than 2 million WordPress websites.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Security researchers released an advisory on this vulnerability. If an attacker manages to upload and run malicious scripts, sensitive data could be compromised.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This vulnerability, identified as CVE-2023-32600, leaves more than two million websites exposed to cyberattacks, putting the online companies and content producers that depend on this popular optimization tool in danger of security breaches.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-rank-math-seo-plugin\">Rank Math SEO Plugin<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Rank Math is a WordPress plugin that simplifies optimizing content for search engines by providing built-in suggestions based on industry-standard best practices.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">With more than 2 million installations, Rank Math is a renowned SEO plugin. It includes unbelievable capabilities, such as keyword tracking, integration with Schema.org structured information, integration with Google&#8217;s Search Console and Analytics, a redirect manager, and more.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This popular tool minimizes the need for several technical and on-page SEO plugins.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The plugin&#8217;s modular design\u2014allowing users to select the capabilities they need and disable the ones they don&#8217;t\u2014is a popular feature that can improve a website&#8217;s performance.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-stored-cross-site-scripting\">Stored Cross-Site Scripting<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Wordfence WordPress security researchers warned about a potential stored Cross-Site Scripting (XSS) vulnerability in the Rank Math SEO plugin.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The Rank Math SEO plugin is prone to Stored Cross-Site Scripting (XSS) attacks on versions up to and including 1.0.119 because of inadequate input sanitization &amp; output escaping on user-supplied data.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Unauthorized attackers with access levels beyond contributor level can insert unauthorized web scripts into sites because of this security vulnerability.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">An attacker can use a stored cross-site scripting (XSS) vulnerability to upload malicious scripts and target browsers. This could result in compromised personal data, theft of session cookies, and unauthorized access to websites.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">When a user visits a page that has been injected, malicious scripts can start running, harming both the authenticity of the website and the users&#8217; security.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong><em>According to Wordfence<\/em><\/strong>, this vulnerability reminds us of the significance of appropriate input validation and output encoding procedures in web development.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-the-effect-of-the-vulnerability\">The Effect of the Vulnerability<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">The potentially detrimental effect of this vulnerability is massive, as over two million websites use the Rank Math SEO plugin to maximize their search engine exposure.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong><em>The vulnerability is caused by inadequate sanitization of input and escape of output. These are typical causes of cross-site scripting (XSS) vulnerabilities in plugin sections where users can upload or enter data.<\/em><\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Users&#8217; data on websites vulnerable to this vulnerability, including financial details, account usernames and passwords, and private information, could be compromised.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Malicious scripts can also damage a company&#8217;s credibility, causing it to lose its trust and causing search engines to impose penalties and blocklisting.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-preventive-measures\">Preventive Measures<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Sanitizing input data is like removing undesirable input, such as HTML or scripts, when text inputs are the only type that should be allowed. Output escaping is a method that verifies what the website outputs to prevent unwanted output, such as malicious scripts, from entering a web browser.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Moreover, developers and users are responsible for ensuring security as plugins and third-party tools become increasingly essential to website operation.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Preventing new vulnerabilities requires constant updates, following recommended security protocols, and a proactive approach to digital sanitation.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Rank Math responsibly updates its changelog to reflect the changes made to its plugin and the reasons behind them. Because of this transparency, plugin customers can figure out the urgency of an update while understanding its importance.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The corrected vulnerability is identified in the changelog.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">&#8220;Improved: Strengthened the security of the plugin&#8217;s HowTo Block to prevent potential exploitation by users with post-edit access. Thanks to [<a href=\"https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/wordpress-plugins\/seo-by-rank-math\/rank-math-seo-with-ai-seo-tools-10214-authenticatedcontributor-stored-cross-site-scripting-via-howto-block-attributes\">WordFence<\/a>] for revealing it responsibly.&#8221;<\/p>\n\n\n\n<p class=\"quote-section wp-block-paragraph\">Be relaxed and secure with <a href=\"https:\/\/certera.com\/services\/wordpress-support-services\">Our Professional WordPress Support <\/a>Services, which will protect your website from security risks, malware, vulnerabilities, and cyber attacks. Our comprehensive approach to security includes every aspect, from monitoring website activity to identifying suspect code and preventing brute-force attacks.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The widely used Rank Math SEO plugin, which has over two million users, has addressed a Stored Cross-Site Scripting vulnerability that allows malicious scripts to be uploaded and attacks to be launched. Rank Math SEO plugin has been found to have a Stored Cross-Site Scripting (XSS) vulnerability that affects more than 2 million WordPress websites.&nbsp;<span class=\"morelink d-block mt-3\"><a href=\"https:\/\/certera.com\/blog\/rank-math-seo-plugin-vulnerability-leaves-2-million-wordpress-websites-open-to-attack\/\">Read More<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":2350,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[32,20],"tags":[479,480],"class_list":["post-2349","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-vulnerability","category-wordpress-support-service","tag-rank-math-plugin-vulnerability","tag-wordpress-vulnerability-vulnerability-in-rank-math-seo-plugin","entry"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Rank Math SEO Plugin Vulnerability Affects 2M+ WordPress Sites<\/title>\n<meta name=\"description\" content=\"Rank Math SEO plugin vulnerability traced as CVE-2024-2536 affects 2.3 million WordPress sites with Stored Cross-Site Scripting (XSS).\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/certera.com\/blog\/rank-math-seo-plugin-vulnerability-leaves-2-million-wordpress-websites-open-to-attack\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Rank Math SEO Plugin Vulnerability Affects 2M+ WordPress Sites\" \/>\n<meta property=\"og:description\" content=\"Rank Math SEO plugin vulnerability traced as CVE-2024-2536 affects 2.3 million WordPress sites with Stored Cross-Site Scripting (XSS).\" \/>\n<meta property=\"og:url\" content=\"https:\/\/certera.com\/blog\/rank-math-seo-plugin-vulnerability-leaves-2-million-wordpress-websites-open-to-attack\/\" \/>\n<meta property=\"og:site_name\" content=\"EncryptedFence by Certera - Web &amp; Cyber Security Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/certeraLLC\/\" \/>\n<meta property=\"article:published_time\" content=\"2024-03-28T11:22:13+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-03-28T11:22:15+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/certera.com\/blog\/wp-content\/uploads\/2024\/03\/wordpress-rank-math-seo-plugin-vulnerability-jpg.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"960\" \/>\n\t<meta property=\"og:image:height\" content=\"620\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Janki Mehta\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@certera_llc\" \/>\n<meta name=\"twitter:site\" content=\"@certera_llc\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Janki Mehta\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/rank-math-seo-plugin-vulnerability-leaves-2-million-wordpress-websites-open-to-attack\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/rank-math-seo-plugin-vulnerability-leaves-2-million-wordpress-websites-open-to-attack\\\/\"},\"author\":{\"name\":\"Janki Mehta\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#\\\/schema\\\/person\\\/e5a476aa90d9e02260ebfe4b0bf046b7\"},\"headline\":\"Rank Math SEO Plugin Vulnerability Leaves 2 million+ WordPress Websites Open to Attack\",\"datePublished\":\"2024-03-28T11:22:13+00:00\",\"dateModified\":\"2024-03-28T11:22:15+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/rank-math-seo-plugin-vulnerability-leaves-2-million-wordpress-websites-open-to-attack\\\/\"},\"wordCount\":699,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/rank-math-seo-plugin-vulnerability-leaves-2-million-wordpress-websites-open-to-attack\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/certera.com\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/03\\\/wordpress-rank-math-seo-plugin-vulnerability-jpg.webp\",\"keywords\":[\"Rank Math Plugin Vulnerability\",\"WordPress Vulnerability Vulnerability In Rank Math SEO Plugin\"],\"articleSection\":[\"Vulnerability\",\"WordPress Support Service\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/certera.com\\\/blog\\\/rank-math-seo-plugin-vulnerability-leaves-2-million-wordpress-websites-open-to-attack\\\/#respond\"]}],\"copyrightYear\":\"2024\",\"copyrightHolder\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#organization\"}},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/rank-math-seo-plugin-vulnerability-leaves-2-million-wordpress-websites-open-to-attack\\\/\",\"url\":\"https:\\\/\\\/certera.com\\\/blog\\\/rank-math-seo-plugin-vulnerability-leaves-2-million-wordpress-websites-open-to-attack\\\/\",\"name\":\"Rank Math SEO Plugin Vulnerability Affects 2M+ WordPress Sites\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/rank-math-seo-plugin-vulnerability-leaves-2-million-wordpress-websites-open-to-attack\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/rank-math-seo-plugin-vulnerability-leaves-2-million-wordpress-websites-open-to-attack\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/certera.com\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/03\\\/wordpress-rank-math-seo-plugin-vulnerability-jpg.webp\",\"datePublished\":\"2024-03-28T11:22:13+00:00\",\"dateModified\":\"2024-03-28T11:22:15+00:00\",\"description\":\"Rank Math SEO plugin vulnerability traced as CVE-2024-2536 affects 2.3 million WordPress sites with Stored Cross-Site Scripting (XSS).\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/rank-math-seo-plugin-vulnerability-leaves-2-million-wordpress-websites-open-to-attack\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/certera.com\\\/blog\\\/rank-math-seo-plugin-vulnerability-leaves-2-million-wordpress-websites-open-to-attack\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/rank-math-seo-plugin-vulnerability-leaves-2-million-wordpress-websites-open-to-attack\\\/#primaryimage\",\"url\":\"https:\\\/\\\/certera.com\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/03\\\/wordpress-rank-math-seo-plugin-vulnerability-jpg.webp\",\"contentUrl\":\"https:\\\/\\\/certera.com\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/03\\\/wordpress-rank-math-seo-plugin-vulnerability-jpg.webp\",\"width\":960,\"height\":620,\"caption\":\"Rank Math WordPress SEO Plugin Vulnerability\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/rank-math-seo-plugin-vulnerability-leaves-2-million-wordpress-websites-open-to-attack\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/certera.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Rank Math SEO Plugin Vulnerability Leaves 2 million+ WordPress Websites Open to Attack\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/certera.com\\\/blog\\\/\",\"name\":\"EncryptedFence by Certera - Web & Cyber Security Blog\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#organization\"},\"alternateName\":\"Certera's EncryptedFence Blog\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/certera.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#organization\",\"name\":\"Certera\",\"url\":\"https:\\\/\\\/certera.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/certera.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/08\\\/logo-encryptedfence.svg\",\"contentUrl\":\"https:\\\/\\\/certera.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/08\\\/logo-encryptedfence.svg\",\"caption\":\"Certera\"},\"image\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/certeraLLC\\\/\",\"https:\\\/\\\/x.com\\\/certera_llc\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/certera-llc\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#\\\/schema\\\/person\\\/e5a476aa90d9e02260ebfe4b0bf046b7\",\"name\":\"Janki Mehta\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/1fba817ef81065f1393461fc3a0d85c40f2cc826919819ea4df4b12d76566e62?s=96&d=https%3A%2F%2Fcertera.com%2Fblog%2Fwp-content%2Fuploads%2F2023%2F02%2Fhttps-vs-sftp-jpg.webp&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/1fba817ef81065f1393461fc3a0d85c40f2cc826919819ea4df4b12d76566e62?s=96&d=https%3A%2F%2Fcertera.com%2Fblog%2Fwp-content%2Fuploads%2F2023%2F02%2Fhttps-vs-sftp-jpg.webp&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/1fba817ef81065f1393461fc3a0d85c40f2cc826919819ea4df4b12d76566e62?s=96&d=https%3A%2F%2Fcertera.com%2Fblog%2Fwp-content%2Fuploads%2F2023%2F02%2Fhttps-vs-sftp-jpg.webp&r=g\",\"caption\":\"Janki Mehta\"},\"description\":\"Janki Mehta is a passionate Cyber-Security Enthusiast who keenly monitors the latest developments in the Web\\\/Cyber Security industry. She puts her knowledge into practice and helps web users by arming them with the necessary security measures to stay safe in the digital world.\",\"sameAs\":[\"https:\\\/\\\/certerassl.com\\\/\"],\"url\":\"https:\\\/\\\/certera.com\\\/blog\\\/author\\\/certerabguser\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Rank Math SEO Plugin Vulnerability Affects 2M+ WordPress Sites","description":"Rank Math SEO plugin vulnerability traced as CVE-2024-2536 affects 2.3 million WordPress sites with Stored Cross-Site Scripting (XSS).","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/certera.com\/blog\/rank-math-seo-plugin-vulnerability-leaves-2-million-wordpress-websites-open-to-attack\/","og_locale":"en_US","og_type":"article","og_title":"Rank Math SEO Plugin Vulnerability Affects 2M+ WordPress Sites","og_description":"Rank Math SEO plugin vulnerability traced as CVE-2024-2536 affects 2.3 million WordPress sites with Stored Cross-Site Scripting (XSS).","og_url":"https:\/\/certera.com\/blog\/rank-math-seo-plugin-vulnerability-leaves-2-million-wordpress-websites-open-to-attack\/","og_site_name":"EncryptedFence by Certera - Web &amp; Cyber Security Blog","article_publisher":"https:\/\/www.facebook.com\/certeraLLC\/","article_published_time":"2024-03-28T11:22:13+00:00","article_modified_time":"2024-03-28T11:22:15+00:00","og_image":[{"width":960,"height":620,"url":"https:\/\/certera.com\/blog\/wp-content\/uploads\/2024\/03\/wordpress-rank-math-seo-plugin-vulnerability-jpg.webp","type":"image\/jpeg"}],"author":"Janki Mehta","twitter_card":"summary_large_image","twitter_creator":"@certera_llc","twitter_site":"@certera_llc","twitter_misc":{"Written by":"Janki Mehta","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/certera.com\/blog\/rank-math-seo-plugin-vulnerability-leaves-2-million-wordpress-websites-open-to-attack\/#article","isPartOf":{"@id":"https:\/\/certera.com\/blog\/rank-math-seo-plugin-vulnerability-leaves-2-million-wordpress-websites-open-to-attack\/"},"author":{"name":"Janki Mehta","@id":"https:\/\/certera.com\/blog\/#\/schema\/person\/e5a476aa90d9e02260ebfe4b0bf046b7"},"headline":"Rank Math SEO Plugin Vulnerability Leaves 2 million+ WordPress Websites Open to Attack","datePublished":"2024-03-28T11:22:13+00:00","dateModified":"2024-03-28T11:22:15+00:00","mainEntityOfPage":{"@id":"https:\/\/certera.com\/blog\/rank-math-seo-plugin-vulnerability-leaves-2-million-wordpress-websites-open-to-attack\/"},"wordCount":699,"commentCount":0,"publisher":{"@id":"https:\/\/certera.com\/blog\/#organization"},"image":{"@id":"https:\/\/certera.com\/blog\/rank-math-seo-plugin-vulnerability-leaves-2-million-wordpress-websites-open-to-attack\/#primaryimage"},"thumbnailUrl":"https:\/\/certera.com\/blog\/wp-content\/uploads\/2024\/03\/wordpress-rank-math-seo-plugin-vulnerability-jpg.webp","keywords":["Rank Math Plugin Vulnerability","WordPress Vulnerability Vulnerability In Rank Math SEO Plugin"],"articleSection":["Vulnerability","WordPress Support Service"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/certera.com\/blog\/rank-math-seo-plugin-vulnerability-leaves-2-million-wordpress-websites-open-to-attack\/#respond"]}],"copyrightYear":"2024","copyrightHolder":{"@id":"https:\/\/certera.com\/blog\/#organization"}},{"@type":"WebPage","@id":"https:\/\/certera.com\/blog\/rank-math-seo-plugin-vulnerability-leaves-2-million-wordpress-websites-open-to-attack\/","url":"https:\/\/certera.com\/blog\/rank-math-seo-plugin-vulnerability-leaves-2-million-wordpress-websites-open-to-attack\/","name":"Rank Math SEO Plugin Vulnerability Affects 2M+ WordPress Sites","isPartOf":{"@id":"https:\/\/certera.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/certera.com\/blog\/rank-math-seo-plugin-vulnerability-leaves-2-million-wordpress-websites-open-to-attack\/#primaryimage"},"image":{"@id":"https:\/\/certera.com\/blog\/rank-math-seo-plugin-vulnerability-leaves-2-million-wordpress-websites-open-to-attack\/#primaryimage"},"thumbnailUrl":"https:\/\/certera.com\/blog\/wp-content\/uploads\/2024\/03\/wordpress-rank-math-seo-plugin-vulnerability-jpg.webp","datePublished":"2024-03-28T11:22:13+00:00","dateModified":"2024-03-28T11:22:15+00:00","description":"Rank Math SEO plugin vulnerability traced as CVE-2024-2536 affects 2.3 million WordPress sites with Stored Cross-Site Scripting (XSS).","breadcrumb":{"@id":"https:\/\/certera.com\/blog\/rank-math-seo-plugin-vulnerability-leaves-2-million-wordpress-websites-open-to-attack\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/certera.com\/blog\/rank-math-seo-plugin-vulnerability-leaves-2-million-wordpress-websites-open-to-attack\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/certera.com\/blog\/rank-math-seo-plugin-vulnerability-leaves-2-million-wordpress-websites-open-to-attack\/#primaryimage","url":"https:\/\/certera.com\/blog\/wp-content\/uploads\/2024\/03\/wordpress-rank-math-seo-plugin-vulnerability-jpg.webp","contentUrl":"https:\/\/certera.com\/blog\/wp-content\/uploads\/2024\/03\/wordpress-rank-math-seo-plugin-vulnerability-jpg.webp","width":960,"height":620,"caption":"Rank Math WordPress SEO Plugin Vulnerability"},{"@type":"BreadcrumbList","@id":"https:\/\/certera.com\/blog\/rank-math-seo-plugin-vulnerability-leaves-2-million-wordpress-websites-open-to-attack\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/certera.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Rank Math SEO Plugin Vulnerability Leaves 2 million+ WordPress Websites Open to Attack"}]},{"@type":"WebSite","@id":"https:\/\/certera.com\/blog\/#website","url":"https:\/\/certera.com\/blog\/","name":"EncryptedFence by Certera - Web & Cyber Security Blog","description":"","publisher":{"@id":"https:\/\/certera.com\/blog\/#organization"},"alternateName":"Certera's EncryptedFence Blog","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/certera.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/certera.com\/blog\/#organization","name":"Certera","url":"https:\/\/certera.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/certera.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/certera.com\/blog\/wp-content\/uploads\/2023\/08\/logo-encryptedfence.svg","contentUrl":"https:\/\/certera.com\/blog\/wp-content\/uploads\/2023\/08\/logo-encryptedfence.svg","caption":"Certera"},"image":{"@id":"https:\/\/certera.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/certeraLLC\/","https:\/\/x.com\/certera_llc","https:\/\/www.linkedin.com\/company\/certera-llc\/"]},{"@type":"Person","@id":"https:\/\/certera.com\/blog\/#\/schema\/person\/e5a476aa90d9e02260ebfe4b0bf046b7","name":"Janki Mehta","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/1fba817ef81065f1393461fc3a0d85c40f2cc826919819ea4df4b12d76566e62?s=96&d=https%3A%2F%2Fcertera.com%2Fblog%2Fwp-content%2Fuploads%2F2023%2F02%2Fhttps-vs-sftp-jpg.webp&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/1fba817ef81065f1393461fc3a0d85c40f2cc826919819ea4df4b12d76566e62?s=96&d=https%3A%2F%2Fcertera.com%2Fblog%2Fwp-content%2Fuploads%2F2023%2F02%2Fhttps-vs-sftp-jpg.webp&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/1fba817ef81065f1393461fc3a0d85c40f2cc826919819ea4df4b12d76566e62?s=96&d=https%3A%2F%2Fcertera.com%2Fblog%2Fwp-content%2Fuploads%2F2023%2F02%2Fhttps-vs-sftp-jpg.webp&r=g","caption":"Janki Mehta"},"description":"Janki Mehta is a passionate Cyber-Security Enthusiast who keenly monitors the latest developments in the Web\/Cyber Security industry. She puts her knowledge into practice and helps web users by arming them with the necessary security measures to stay safe in the digital world.","sameAs":["https:\/\/certerassl.com\/"],"url":"https:\/\/certera.com\/blog\/author\/certerabguser\/"}]}},"_links":{"self":[{"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/posts\/2349","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/comments?post=2349"}],"version-history":[{"count":1,"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/posts\/2349\/revisions"}],"predecessor-version":[{"id":2351,"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/posts\/2349\/revisions\/2351"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/media\/2350"}],"wp:attachment":[{"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/media?parent=2349"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/categories?post=2349"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/tags?post=2349"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}