The Rank Math SEO WordPress plugin before 1.0.219 does not sanitise and escape some of its settings, which could allow users with access to the General Settings (by default admin, however such access can be given to lower roles via the Role Manager feature of the Rank Math SEO WordPress plugin before 1.0.219) to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2024-07-02T06:00:02.905Z

Updated: 2024-08-01T20:47:41.192Z

Reserved: 2024-05-07T20:18:45.838Z

Link: CVE-2024-4627

cve-icon Vulnrichment

Updated: 2024-08-01T20:47:41.192Z

cve-icon NVD

Status : Modified

Published: 2024-07-02T06:15:04.400

Modified: 2024-11-21T09:43:14.720

Link: CVE-2024-4627

cve-icon Redhat

No data.