CVE-2023-32800 HIGH

CVE-2023-32800: WordPress Rank Math SEO PRO Plugin <= 3.0.35 is vulnerable to Cross Site Scripting (XSS)

Vendor One
Product Rank Math SEO PRO
Weakness CWE-79 · XSS
Published May 28, 2023
Last update April 28, 2026
View on NVD All CVEs

CVSS base score

7.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

What the vulnerability does

01Description

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in One Rank Math SEO PRO plugin <= 3.0.35 versions.

Key dates

02Disclosure timeline

May 28, 2023 CVE published
April 28, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-48209 Reflected XSS in authenticated agent context CVE-2023-2999 Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq CVE-2024-4339 Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.14.3 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2023-5128 TCD Google Maps <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2025-49923 WordPress Seriously Simple Podcasting plugin <= 3.11.1 - Cross Site Scripting (XSS) vulnerability