Researchers at Wordfence, a company that provides cybersecurity services for WordPress users, have warned of two security problems in a popular WordPress plugin called Rank Math.

That’s “math” as in “calculations relating to” and “rank” as in “search engine rating”, not “rank math” as in a real stinker of a calculus problem.

The creators of Rank Math, it seems, had neglected to put security checks on some of the remote commands that the plugin supports.

As a result, someone who hadn’t logged in could have triggered two related bugs.

In the first bug, a regular user could have promoted themselves to an administrator without logging in first.

That’s a sneaky sort of bug for a discontented user to have at their disposal, because it means they could acquire admin privileges without leaving anything in the logs that tied the modification directly to them.

Source: Don’t get locked out of your own website – update this WordPress plugin now!

