What the vulnerability does
01Description
Missing Authorization vulnerability in Rank Math SEO Rank Math SEO seo-by-rank-math allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rank Math SEO: from n/a through <= 1.0.252.1.
Explanation of Vulnerability in Simple Terms
02Summary
Rank Math SEO versions up to 1.0.252.1 lack proper authorization checks, allowing high-privilege users to modify site settings and data without proper access controls. An attacker with administrator or editor-level access can alter integrity-sensitive configurations. The vulnerability requires existing high-level account access and does not expose confidential information.
What an attacker can do
03Attacker Capabilities
Modify site settings and data if they have high-level account access.
Potential impact on your site
04Site Impact
Trusted admins or editors could maliciously alter SEO settings, metadata, or site configuration.
Conditions required to exploit
05Prerequisites
Attacker must have administrator or editor-level account on the WordPress site.
Key dates
06Disclosure timeline
October 31, 2025
CVE published
April 28, 2026
Record updated