cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-9314,https://securityvulnerability.io/vulnerability/CVE-2024-9314,Rank Math Plugin Vulnerable to PHP Object Injection Attacks,"The Rank Math SEO plugin for WordPress is susceptible to PHP Object Injection due to the insecure deserialization of untrusted input in the 'set_redirections' function. This vulnerability affects all versions up to and including 1.0.228. Authenticated attackers with Administrator-level access can exploit this flaw to inject a PHP Object. Although no known PHP Object Injection (POP) chain exists within the plugin itself, if an attacker has additional plugins or themes that provide a POP chain, they can potentially delete arbitrary files, access sensitive information, or execute malicious code on compromised systems.",Wordpress,Rank Math Seo – Ai Seo Tools To Dominate Seo Rankings,7.2,HIGH,0.00044999999227002263,false,,false,false,false,,false,false,2024-10-05T11:21:20.603Z,0
CVE-2024-9161,https://securityvulnerability.io/vulnerability/CVE-2024-9161,Rank Math SEO Plugin Vulnerable to Unauthorized Data Modification,"The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'update_metadata' function in all versions up to, and including, 1.0.228. This makes it possible for unauthenticated attackers to insert new and update existing metadata beginning with 'rank_math', and delete arbitrary existing user metadata and term metadata. Deleting existing usermeta can cause a loss of access to the administrator dashboard for any registered users, including Administrators.",Wordpress,Rank Math Seo – Ai Seo Tools To Dominate Seo Rankings,6.5,MEDIUM,0.0005799999926239252,false,,false,false,false,,false,false,2024-10-05T11:21:19.388Z,0