What the vulnerability does
01Description
Insertion of Sensitive Information Into Sent Data vulnerability in Rank Math SEO Rank Math SEO seo-by-rank-math allows Retrieve Embedded Sensitive Data.This issue affects Rank Math SEO: from n/a through <= 1.0.252.1.
Explanation of Vulnerability in Simple Terms
02Summary
Rank Math SEO versions up to 1.0.252.1 expose sensitive information to authenticated users with low privileges. An attacker with a low-privilege account can read data they should not have access to. The vulnerability requires network access and an active login but no additional user interaction. Update to a version newer than 1.0.252.1 to remediate.
What an attacker can do
03Attacker Capabilities
Read sensitive information accessible only to higher-privilege users.
Potential impact on your site
04Site Impact
Low-privilege users (subscribers, contributors) can view data meant for admins or editors.
Conditions required to exploit
05Prerequisites
Attacker must have a low-privilege account on the site and network access.
Key dates
06Disclosure timeline
October 31, 2025
CVE published
April 28, 2026
Record updated