Security Advisory

CVE-2020-11515

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-04-07 16:51:42
Last updated 2024-08-04 11:35:12
Assigner mitre
State PUBLISHED

Description

The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to create new URIs (that redirect to an external web site) via the unsecured rankmath/v1/updateRedirection REST API endpoint. In other words, this is not an "Open Redirect" issue; instead, it allows the attacker to create a new URI with an arbitrary name (e.g., the /exampleredirect URI).