CVE-2025-64351 MEDIUM

CVE-2025-64351: WordPress Rank Math SEO plugin <= 1.0.252.1 - Sensitive Data Exposure vulnerability

Vendor: Rank Math Seo
Product: Rank Math SEO
Weakness: CWE-201
Published: October 31, 2025
Last update: April 28, 2026

CVSS base score

4.3/10
Attack vector: Network
Attack complexity: Low
Privileges required: Low
User interaction: None
Confidentiality: Low
Integrity: None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01 Description

Insertion of Sensitive Information Into Sent Data vulnerability in Rank Math SEO (seo-by-rank-math) allows Retrieve Embedded Sensitive Data. This issue affects Rank Math SEO: from n/a through <= 1.0.252.1.

Explanation of Vulnerability in Simple Terms

02 Summary

Rank Math SEO versions up to 1.0.252.1 expose sensitive information to authenticated users with low privileges. An attacker with a low-privilege account can read data they should not have access to. The vulnerability requires network access and an active login but no additional user interaction. Update to a version newer than 1.0.252.1 to remediate.

What an attacker can do

03 Attacker Capabilities

Read sensitive information accessible only to higher-privilege users.

Potential impact on your site

04 Site Impact

Low-privilege users (subscribers, contributors) can view data meant for admins or editors.

Conditions required to exploit

05 Prerequisites

Attacker must have a low-privilege account on the site and network access.

Key dates

06 Disclosure timeline

October 31, 2025: CVE published
April 28, 2026: Record updated