The plugin does not sanitize the before, after, wrap_before, and wrap_after breadcrumb arguments before outputting them on the page. An attacker with sufficient privileges could inject arbitrary JavaScript through these parameters, which would execute in the browsers of all visitors viewing pages with breadcrumbs.

This vulnerability affects the following application versions:

  • Rank Math SEO 1.0.215
  • Rank Math SEO 1.0.215.1
  • Rank Math SEO 1.0.216
  • Rank Math SEO 1.0.217
  • Rank Math SEO 1.0.218
  • Rank Math SEO 1.0.219
  • Rank Math SEO 1.0.220
  • Rank Math SEO 1.0.221
  • Rank Math SEO 1.0.222
  • Rank Math SEO 1.0.223
  • Rank Math SEO 1.0.224
  • Rank Math SEO 1.0.225
  • Rank Math SEO 1.0.226
  • Rank Math SEO 1.0.227
  • Rank Math SEO 1.0.227.1
  • Rank Math SEO 1.0.228
  • Rank Math SEO 1.0.229

Skriv et svar

Din e-mailadresse vil ikke blive publiceret. Krævede felter er markeret med *