Where should operators start on this Plugin hub?

Start with the priority CVE quick links, then open the full report for affected versions, remediation notes, CVSS vectors, and source references.

Plugin Vulnerability Hub

Plugin 20 known issues Latest disclosed Sep 11, 2025

Rank Math SEO – AI SEO Tools to Dominate SEO Rankings Vulnerabilities

Q: Which Rank Math SEO – AI SEO Tools to Dominate SEO Rankings CVEs are tracked?

Rank Math SEO – AI SEO Tools to Dominate SEO Rankings tracked CVEs include CVE-2020-11514, CVE-2020-11515, CVE-2024-11620, CVE-2024-9314, and CVE-2024-9161.

Q: How many Rank Math SEO – AI SEO Tools to Dominate SEO Rankings vulnerabilities have patch guidance?

20 of 20 tracked Rank Math SEO – AI SEO Tools to Dominate SEO Rankings records include a published patch path.

Review known vulnerability records for the WordPress plugin Rank Math SEO – AI SEO Tools to Dominate SEO Rankings (`seo-by-rank-math`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2025-64351, CVE-2025-64350 and CVE-2024-13227, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed

Known Records

High or Critical

Patch Coverage

100%

Last Updated

Nov 04, 2025

Priority CVE Quick Links

Fast paths into Rank Math SEO – AI SEO Tools to Dominate SEO Rankings CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs

CVE-2020-11514 Critical 1.0.41

CVE-2020-11514 Rank Math SEO – AI SEO Tools to Dominate SEO Rankings Privilege Escalation

Rank Math SEO <= 1.0.40.2 - Privilege Escalation via Unprotected REST API Endpoint

CVE-2020-11515 High 1.0.41

CVE-2020-11515 Rank Math SEO – AI SEO Tools to Dominate SEO Rankings Vulnerability

Rank Math SEO <= 1.0.40.2 - Redirect Creation via Unprotected REST API Endpoint

CVE-2024-11620 High 1.0.232

CVE-2024-11620 Rank Math SEO – AI SEO Tools to Dominate SEO Rankings Remote Code Execution

Rank Math SEO <= 1.0.231 - .htaccess File Manipulation to Remote Code Execution

CVE-2024-9314 High 1.0.229

CVE-2024-9314 Rank Math SEO – AI SEO Tools to Dominate SEO Rankings Vulnerability

Rank Math SEO – AI SEO Tools to Dominate SEO Rankings <= 1.0.228 - Authenticated (Administrator+) PHP Object Injection

CVE-2024-9161 Medium 1.0.229

CVE-2024-9161 Rank Math SEO – AI SEO Tools to Dominate SEO Rankings Vulnerability

Rank Math SEO – AI SEO Tools to Dominate SEO Rankings <= 1.0.228 - Missing Authorization to Unauthenticated User and Term Metadata Insert, Update, and Delete

CVE-2023-23888 Medium 1.0.107.3

CVE-2023-23888 Rank Math SEO – AI SEO Tools to Dominate SEO Rankings Local File Inclusion

RankMath SEO <= 1.0.107.2 - Authenticated (Contributor+) Local File Inclusion

CVE-2019-14786 Medium 1.0.27.1

CVE-2019-14786 Rank Math SEO – AI SEO Tools to Dominate SEO Rankings Vulnerability

Rank Math SEO <= 1.0.27 - Authenticated Settings Reset via reset-cmb Parameter

CVE-2024-13227 Medium 1.0.236

CVE-2024-13227 Rank Math SEO – AI SEO Tools to Dominate SEO Rankings Stored Cross-Site Scripting

Rank Math SEO – AI SEO Tools to Dominate SEO Rankings <= 1.0.235 - Authenticated (Contributor+) Stored Cross-Site Scripting via Rank Math API

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Rank Math SEO – AI SEO Tools to Dominate SEO Rankings so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility

20 records include a published patch path, leaving 0 with no listed safe release yet.

Severity Mix

1 critical and 4 high severity findings.

Recent CVEs

CVE-2025-64351, CVE-2025-64350 and CVE-2024-13227

Reference Workflow

Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.

Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

CVE-2025-64351 Medium Patch path listed

CVE-2025-64351: Rank Math SEO <= 1.0.252.1 - Authenticated (Subscriber+) Information Exposure

The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.252.1. This makes it...

Published

Sep 11, 2025

Patch Status

1.0.253

Open CVE-2025-64351 Report

CVE-2025-64350 Medium Patch path listed

CVE-2025-64350: Rank Math SEO <= 1.0.252.1 - Missing Authorization

The Rank Math SEO plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the track() function in versions up to, and including, 1.0.252.1. This makes...

Published

Sep 11, 2025

Patch Status

1.0.253

Open CVE-2025-64350 Report

CVE-2024-13227 Medium Patch path listed

CVE-2024-13227: Rank Math SEO – AI SEO Tools to Dominate SEO Rankings <= 1.0.235 - Authenticated (Contributor+) Stored Cross-Site Scripting via Rank Math API

The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Rank Math API in all versions up to, and includin...

Published

Feb 12, 2025

Patch Status

1.0.236

Open CVE-2024-13227 Report

Known Vulnerabilities

Reports for Rank Math SEO – AI SEO Tools to Dominate SEO Rankings

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2025-64351

CVE-2025-64351: Rank Math SEO <= 1.0.252.1 - Authenticated (Subscriber+) Information Exposure

The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.252.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract s...

Published

Sep 11, 2025

Patched Release

1.0.253

Affected Versions

Versions up to 1.0.252.1

Next Step

Update to 1.0.253 or newer if supported.

Open CVE-2025-64351 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2025-64350

CVE-2025-64350: Rank Math SEO <= 1.0.252.1 - Missing Authorization

The Rank Math SEO plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the track() function in versions up to, and including, 1.0.252.1. This makes it possible for authenticated attackers, with author-level access and above, to perform an...

Published

Sep 11, 2025

Patched Release

1.0.253

Affected Versions

Versions up to 1.0.252.1

Next Step

Update to 1.0.253 or newer if supported.

Open CVE-2025-64350 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-13227

CVE-2024-13227: Rank Math SEO – AI SEO Tools to Dominate SEO Rankings <= 1.0.235 - Authenticated (Contributor+) Stored Cross-Site Scripting via Rank Math API

The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Rank Math API in all versions up to, and including, 1.0.235 due to insufficient input sanitization and output escaping on user supplied att...

Published

Feb 12, 2025

Patched Release

1.0.236

Affected Versions

Versions up to 1.0.235

Next Step

Update to 1.0.236 or newer if supported.

Open CVE-2024-13227 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-13229

CVE-2024-13229: Rank Math SEO <= 1.0.235 - Missing Authorization to Authenticated (Contributor+) Arbitrary Schema Deletion

The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the update_metadata() function in all versions up to, and including, 1.0.235. This makes it possible for authenticated at...

Published

Feb 12, 2025

Patched Release

1.0.236

Affected Versions

Versions up to 1.0.235

Next Step

Update to 1.0.236 or newer if supported.

Open CVE-2024-13229 Report Open CVE Reference

Plugin High Patched: Yes CVE-2024-11620

CVE-2024-11620: Rank Math SEO <= 1.0.231 - .htaccess File Manipulation to Remote Code Execution

The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0.231. This makes it possible for authenticated attackers, with Administrator-level access and above, to execute code on t...

Published

Nov 22, 2024

Patched Release

1.0.232

Affected Versions

Versions up to 1.0.231

Next Step

Update to 1.0.232 or newer if supported.

Open CVE-2024-11620 Report Open CVE Reference

Plugin High Patched: Yes CVE-2024-9314

CVE-2024-9314: Rank Math SEO – AI SEO Tools to Dominate SEO Rankings <= 1.0.228 - Authenticated (Administrator+) PHP Object Injection

The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.228 via deserialization of untrusted input 'set_redirections' function. This makes it possible for authenticated attacker...

Published

Oct 04, 2024

Patched Release

1.0.229

Affected Versions

Versions up to 1.0.228

Next Step

Update to 1.0.229 or newer if supported.

Open CVE-2024-9314 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-9161

CVE-2024-9161: Rank Math SEO – AI SEO Tools to Dominate SEO Rankings <= 1.0.228 - Missing Authorization to Unauthenticated User and Term Metadata Insert, Update, and Delete

The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'update_metadata' function in all versions up to, and including, 1.0.228. This makes it possible for...

Published

Oct 04, 2024

Patched Release

1.0.229

Affected Versions

Versions up to 1.0.228

Next Step

Update to 1.0.229 or newer if supported.

Open CVE-2024-9161 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-4627

CVE-2024-4627: Rank Math SEO <= 1.0.218 - Authenticated (Administrator+) Stored Cross-Site Scripting

The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.218 due to insufficient input sanitization and output escaping. This makes it possible for auth...

Published

Jun 11, 2024

Patched Release

1.0.219

Affected Versions

Versions up to 1.0.218

Next Step

Update to 1.0.219 or newer if supported.

Open CVE-2024-4627 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-4617

CVE-2024-4617: Rank Math SEO with AI Best SEO Tools <= 1.0.218 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Rank Math SEO with AI Best SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in versions up to, and including, 1.0.218 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacke...

Published

May 15, 2024

Patched Release

1.0.219-beta

Affected Versions

Versions up to 1.0.218

Next Step

Update to 1.0.219-beta or newer if supported.

Open CVE-2024-4617 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-4335

CVE-2024-4335: Rank Math SEO with AI Best SEO Tools <= 1.0.217 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Rank Math SEO with AI Best SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘textAlign’ parameter in versions up to, and including, 1.0.217 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

Published

May 03, 2024

Patched Release

1.0.218

Affected Versions

Versions up to 1.0.217

Next Step

Update to 1.0.218 or newer if supported.

Open CVE-2024-4335 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-3665

CVE-2024-3665: Rank Math SEO with AI SEO Tools <= 1.0.216 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'titleWrapper'

The Rank Math SEO with AI SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's HowTo and FAQ widgets in all versions up to, and including, 1.0.216 due to insufficient input sanitization and output escaping on user supplied attributes. This...

Published

Apr 22, 2024

Patched Release

1.0.217

Affected Versions

Versions up to 1.0.216

Next Step

Update to 1.0.217 or newer if supported.

Open CVE-2024-3665 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-2536

CVE-2024-2536: Rank Math SEO with AI SEO Tools <= 1.0.214 - Authenticated(Contributor+) Stored Cross-Site Scripting via HowTo block attributes

The Rank Math SEO with AI SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HowTo block attributes in all versions up to, and including, 1.0.214 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

Published

Mar 21, 2024

Patched Release

1.0.215

Affected Versions

Versions up to 1.0.214

Next Step

Update to 1.0.215 or newer if supported.

Open CVE-2024-2536 Report Open CVE Reference