Description
Cross-Site Request Forgery (CSRF) vulnerability in rankchecker Rankchecker.io Integration rankchecker-io-integration allows Stored XSS.This issue affects Rankchecker.io Integration: from n/a through <= 1.0.9.
Published: 2025-03-11
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Rankchecker.io Integration plugin for WordPress contains a Cross‑Site Request Forgery flaw (CWE‑352) that permits an attacker to forge requests that store malicious scripts in the site’s content. When these stored scripts are later viewed, they execute in users’ browsers, compromising confidentiality, integrity, and availability of the affected WordPress site.

Affected Systems

WordPress installations running Rankchecker.io Integration version 1.0.9 or earlier are impacted. The plugin is provided by Rankchecker and is available through the official WordPress plugin repository.

Risk and Exploitability

The CVSS score of 7.1 indicates high impact, yet the EPSS score of less than 1% suggests that real‑world exploitation is currently unlikely. The vulnerability is not listed in the CISA KEV catalog. Exploitation generally requires the attacker to craft a CSRF request against the plugin’s stored‑script endpoint, often necessitating a legitimate user session or the ability to embed malicious content through an authenticated user’s action. Despite the low exploitation probability, the high severity warrants prompt remediation.

Generated by OpenCVE AI on May 2, 2026 at 08:56 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Rankchecker.io Integration to a version newer than 1.0.9.
  • Inspect the site’s stored content for injected scripts and remove any that appear malicious.
  • Ensure that WordPress CSRF protection mechanisms (nonces) are active for all plugin forms and enforce them consistently.

Generated by OpenCVE AI on May 2, 2026 at 08:56 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-7828 Cross-Site Request Forgery (CSRF) vulnerability in rankchecker Rankchecker.io Integration allows Stored XSS. This issue affects Rankchecker.io Integration: from n/a through 1.0.9.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}

 cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description Cross-Site Request Forgery (CSRF) vulnerability in rankchecker Rankchecker.io Integration allows Stored XSS. This issue affects Rankchecker.io Integration: from n/a through 1.0.9. Cross-Site Request Forgery (CSRF) vulnerability in rankchecker Rankchecker.io Integration rankchecker-io-integration allows Stored XSS.This issue affects Rankchecker.io Integration: from n/a through <= 1.0.9.
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}

 cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}

Fri, 11 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.0002}

 epss

{'score': 0.00028}

Wed, 19 Mar 2025 14:00:00 +0000

Type Values Removed Values Added
First Time appeared Rankchecker
Rankchecker rankchecker
CPEs cpe:2.3:a:rankchecker:rankchecker:*:*:*:*:*:wordpress:*:*
Vendors & Products Rankchecker
Rankchecker rankchecker

Wed, 12 Mar 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 11 Mar 2025 21:15:00 +0000

Type Values Removed Values Added
Description Cross-Site Request Forgery (CSRF) vulnerability in rankchecker Rankchecker.io Integration allows Stored XSS. This issue affects Rankchecker.io Integration: from n/a through 1.0.9.
Title WordPress Rankchecker.io Integration plugin <= 1.0.9 - CSRF to Stored Cross Site Scripting (XSS) vulnerability
Weaknesses CWE-352
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}

Subscriptions

Rankchecker Rankchecker
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:11:49.204Z

Reserved: 2025-03-11T08:08:42.174Z

Link: CVE-2025-28857

cve-icon Vulnrichment

Updated: 2025-03-12T15:03:37.857Z

cve-icon NVD

Status : Modified

Published: 2025-03-11T21:15:42.903

Modified: 2026-04-23T15:26:27.123

Link: CVE-2025-28857

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-02T09:00:11Z

Weaknesses