Reflected cross-site scripting (XSS) vulnerability

#830067
  • Resolved Desert Bookings
    Rank Math free

    From desertbookings.com
    – On Hostinger Vulnerability issue:
    – “Reflected cross-site scripting (XSS) vulnerability discovered by Rafie Muhammad (Patchstack) in WordPress Plugin Rank Math seo pro (version <= 3.035)”
    – Hostinger is recommending to deactivate and uninstall the plugin.
    – The Patchstack notification warns about a moderately dangerous CVSS 7.1 Cross-Site Scripting (XSS) vulnerability. It could allow malicious actors to inject harmful scripts into your website. The impact varies, and although the CVSS score is not ideal for WordPress, it’s important to handle the issue professionally if your website is WordPress-based.
    – Need your collective opinion.

Viewing 4 replies - 1 through 4 (of 4 total)
  • Hello,

    Thank you for bringing this issue to our attention. We take security vulnerabilities very seriously at Rank Math.

    Regarding the reflected cross-site scripting (XSS) vulnerability discovered in Rank Math SEO Pro version

    Sources:
    Analyzing Your Site’s SEO with Rank Math’s SEO Analysis Tool
    The #1 WordPress SEO Plugin in 2024 – Rank Math

    Hello,

    Thank you for contacting support.

    That refers to a patched vulnerability in the PRO plugin. In fact, that only happens on versions before 3.0.35 but we are currently on version 3.0.65 of the PRO plugin already.

    Since you don’t have a PRO subscription you will need to ask the person holding the PRO license of your website to update the plugin to the latest version.

    Don’t hesitate to get in touch if you have any other questions.

    Thanks a lot.

    Hello,

    We are glad to know that this issue has been resolved. Thank you for letting us know.

    This ticket will be closed now, but you can always open a new one if you have any other questions or concerns. We are here to help you with anything related to Rank Math.

    We appreciate your patience and cooperation throughout this process.

    Thank you for choosing Rank Math.

The ticket ‘Reflected cross-site scripting (XSS) vulnerability’ is closed to new replies.