PatchSiren cyber security CVE debrief
CVE-2026-34892 Rank Math SEO CVE debrief
A Subscriber Broken Access Control vulnerability was found in Rank Math SEO plugin versions <= 1.0.271. This vulnerability has been assigned a CVSS score of 6.5, indicating a Medium severity level. The vulnerability was published on [cvePublishedAt] and last modified on [cveModifiedAt].
- Vendor
- Rank Math SEO
- Product
- Unknown
- CVSS
- MEDIUM 6.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-15
- Original CVE updated
- 2026-06-15
- Advisory published
- 2026-06-15
- Advisory updated
- 2026-06-15
Who should care
Users of Rank Math SEO plugin versions <= 1.0.271 should update to a patched version to prevent potential exploitation of this vulnerability.
Technical summary
The vulnerability is described as a Subscriber Broken Access Control issue in the Rank Math SEO plugin. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N, indicating that an attacker with low privileges can exploit this vulnerability over the network, requiring no user interaction.
Defensive priority
Medium
Recommended defensive actions
- Update Rank Math SEO plugin to a version greater than 1.0.271.
- Review and restrict user access and privileges as necessary.
Evidence notes
Evidence for this CVE was provided by Patchstack, as indicated in the sourceItem and resourceLinks.
Official resources
-
CVE-2026-34892 CVE record
CVE.org
-
CVE-2026-34892 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
CVE-2026-34892 was published on 2026-06-15T21:16:41.860Z and last modified on 2026-06-15T21:24:32.790Z.