What the vulnerability does
01 Description
The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the update_site_editor_homepage function in all versions up to, and including, 1.0.271. This makes it possible for unauthenticated attackers to modify several plugin settings, including the homepage title, meta description, breadcrumbs label, and social media metadata. Such changes can have a severe impact on SEO rankings and can cause malicious content to be displayed across all site pages where breadcrumbs are used.
Explanation of Vulnerability in Simple Terms
02 Summary
Rank Math SEO versions up to 1.0.271 lack proper authorization checks, allowing unauthenticated attackers to modify site data over the network. The vulnerability requires no user interaction and affects the plugin's integrity controls. Site administrators should update to a version newer than 1.0.271 immediately.
What an attacker can do
03 Attacker Capabilities
Modify site data without authentication or permission.
Potential impact on your site
04 Site Impact
Attackers can alter your site's content, settings, or SEO configuration without logging in.
Conditions required to exploit
05 Prerequisites
Network access only; no authentication or user interaction required.
Key dates
06 Disclosure timeline
May 29, 2026: CVE published
May 29, 2026: Record updated