QwikSec

Security Database

CVE

CWE

Training

CVE-2025-12714

Published: May 29, 2026

Modified: May 29, 2026

PUBLISHED

CVSS v3.1

5.3

MEDIUM

Description

The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the update_site_editor_homepage function in all versions up to, and including, 1.0.271. This makes it possible for unauthenticated attackers to modify several plugin settings including homepage title, meta description, breadcrumbs label, and social media metadata, which can have severe impact on SEO rankings and display malicious content across all site pages where breadcrumbs are used.

Vendor	Product	Versions
rankmath	Rank Math SEO – AI SEO Tools to Dominate SEO Rankings	affected `0 - <= 1.0.271`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

References

https://www.wordfence.com/threat-intel/vulnerabilities/id/dd072774-6f85-42de-a9d4-6826703ad839?source=cve

https://plugins.trac.wordpress.org/browser/seo-by-rank-math/trunk/includes/rest/class-shared.php#L122

https://plugins.trac.wordpress.org/browser/seo-by-rank-math/trunk/includes/rest/class-shared.php#L129

https://plugins.trac.wordpress.org/browser/seo-by-rank-math/trunk/includes/rest/class-shared.php#L339

https://plugins.trac.wordpress.org/browser/seo-by-rank-math/trunk/includes/rest/class-rest-helper.php#L75

https://plugins.trac.wordpress.org/changeset/3552223/seo-by-rank-math/trunk/includes/rest/class-rest-helper.php

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.