Multiple Vulnerability Discovered in Rank Math < 10.0.41
https://www.wordfence.comRank Math WordPress plugin has 200,000+ active installations and is a very popular SEO plugin for WordPress. I am using this on multiple site’s I run. In versions prior to 10.0.41, one vulnerability allowed attackers to update arbitrary metadata, which included the ability to grant or revoke administrative privileges for any registered user on the site. The second vulnerability allowed an unauthenticated attacker to create redirects from almost any location on the site to any destination of their choice.
The developers were quick to fix the issue that was reported on March 25, 2020, the issue has been fixed in Version 10.0.41 which was available the next day. You can get it now from the WordPress Plugin Repo.