Vulnerabilities ›

CVE-2025-12714

Medium

CWE-862 — Weakness Type

                    Published: May 29, 2026                      ·  Modified: Jun 1, 2026                      ·  Source: NVD                

CVSS v3

5.3

🔗 NVD Official

📄 Description (English)

The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the update_site_editor_homepage function in all versions up to, and including, 1.0.271. This makes it possible for unauthenticated attackers to modify several plugin settings including homepage title, meta description, breadcrumbs label, and social media metadata, which can have severe impact on SEO rankings and display malicious content across all site pages where breadcrumbs are used.

🤖 AI Executive Summary

The Rank Math SEO plugin for WordPress contains a missing capability check vulnerability allowing unauthenticated attackers to modify critical SEO settings and homepage metadata. This could enable attackers to inject malicious content, manipulate search rankings, and deface website breadcrumbs across all pages.

📄 Description (Arabic)

يحتوي مكون Rank Math SEO على ثغرة في التحقق من الصلاحيات تسمح للمهاجمين غير المصرحين بتعديل إعدادات تحسين محركات البحث الحرجة. يمكن للمهاجمين حقن محتوى ضار وتعديل وصف الصفحة الرئيسية والبيانات الوصفية لوسائل التواصل الاجتماعي.

🤖 ملخص تنفيذي (AI)

🤖 AI Intelligence Analysis Analyzed: May 30, 2026 10:37

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: high

🏢 Affected Saudi Sectors

banking telecom energy government healthcare

🎯 MITRE ATT&CK Techniques

T1190 T1199 T1566

⚖️ Saudi Risk Score (AI)

6.0

/ 10.0

🔧 Remediation Steps (English)

Update Rank Math SEO plugin to version 1.0.272 or later immediately. Implement Web Application Firewall (WAF) rules to restrict access to plugin administrative functions. Monitor WordPress logs for suspicious update_site_editor_homepage function calls. Disable the plugin if immediate patching is not possible.

🔧 خطوات المعالجة (العربية)

قم بتحديث مكون Rank Math SEO إلى الإصدار 1.0.272 أو أحدث فوراً. طبق قواعد جدار حماية تطبيقات الويب لتقييد الوصول إلى وظائف إدارة المكون. راقب سجلات WordPress للكشف عن استدعاءات مريبة. عطل المكون إذا لم يكن التحديث الفوري ممكناً.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

AC-2 AC-3

🔵 SAMA CSF

CC-6.1 CC-6.2

🟡 ISO 27001:2022

A.9.2.1 A.9.4.3

🔗 References & Sources 6

🔗

https://plugins.trac.wordpress.org/browser/seo-by-rank-math/trunk/includes/rest/class-r...

security@wordfence.com

🔗

https://plugins.trac.wordpress.org/browser/seo-by-rank-math/trunk/includes/rest/class-s...

security@wordfence.com

🔗

https://plugins.trac.wordpress.org/browser/seo-by-rank-math/trunk/includes/rest/class-s...

security@wordfence.com

🔗

https://plugins.trac.wordpress.org/browser/seo-by-rank-math/trunk/includes/rest/class-s...

security@wordfence.com

🔗

https://plugins.trac.wordpress.org/changeset/3552223/seo-by-rank-math/trunk/includes/re...

security@wordfence.com

🔗

https://www.wordfence.com/threat-intel/vulnerabilities/id/dd072774-6f85-42de-a9d4-68267...

security@wordfence.com

📊 CVSS Score

5.3

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityN — None / Network

IntegrityL — Low / Local

AvailabilityN — None / Network

📋 Quick Facts

Severity Medium

CVSS Score5.3

CWECWE-862

EPSS0.08%

Exploit No

Patch ✗ No

Published 2026-05-29

Source Feed nvd

🇸🇦 Saudi Risk Score

6.0

/ 10.0 — Saudi Risk

Priority: MEDIUM

🏷️ Tags

CWE-862

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2025-12714

Introduce Yourself

Sign In Required