CVE-2025-64350 LOW

CVE-2025-64350: WordPress Rank Math SEO plugin <= 1.0.252.1 - Broken Access Control vulnerability

Vendor Rank Math Seo
Product Rank Math SEO
Weakness CWE-862 · Missing authorization
Published October 31, 2025
Last update April 28, 2026

CVSS base score

3.8/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L

What the vulnerability does

01Description

Missing Authorization vulnerability in Rank Math SEO Rank Math SEO seo-by-rank-math allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rank Math SEO: from n/a through <= 1.0.252.1.

Explanation of Vulnerability in Simple Terms

02Summary

Rank Math SEO versions up to 1.0.252.1 lack proper authorization checks, allowing high-privilege users to modify site settings and data without proper access controls. An attacker with administrator or editor-level access can alter integrity-sensitive configurations. The vulnerability requires existing high-level account access and does not expose confidential information.

What an attacker can do

03Attacker Capabilities

Modify site settings and data if they have high-level account access.

Potential impact on your site

04Site Impact

Trusted admins or editors could maliciously alter SEO settings, metadata, or site configuration.

Conditions required to exploit

05Prerequisites

Attacker must have administrator or editor-level account on the WordPress site.

Key dates

06Disclosure timeline

October 31, 2025 CVE published
April 28, 2026 Record updated