WordPress Plugin SEO by RankMath Security Update
SEO By RankMath, a popular SEO plugin, recently fixed several vulnerabilities. One of the fixed issues allowed a user with a role as low as subscriber to reset the plugin's settings. Web publishers are encouraged to update their plugin.

Description of SEO By RankMath Vulnerability Fix

The WordPress Vulnerability Database (WPVULNDB) announced the vulnerability in SEO by RankMath in a post.

According to WPVULNDB:

“Allows any authenticated user (with a role as low as subscriber) to reset Settings of the plugin.”

There was also a separate Cross Site Scripting issue that was fixed.

A Cross Site Scripting vulnerability is a relatively common problem in which an attacker abuses an interactive part of a site (like a form) to submit script code that, when it runs in another user's browser, can (among many things) obtain cookie information as well as upload data or scripts to the site.

RankMath Strengthens Security

The above security issues were fixed in version 1.0.27 of the plugin on June 21, 2019. On June 23rd, RankMath issued another update (1.0.27.2) that further strengthened security.

According to the SEO by RankMath changelog:

“Improved sanitization throughout the plugin”

Sanitization is an extra layer of code that stops unexpected input from breaking a script and opening the door to an exploit.

For example, if a script expects data with no spaces in it, an input containing spaces could break the script. Sanitization is an extra step in the code that anticipates malicious input and strips those spaces (or rejects the input) before the script processes it, so the exploit never happens.
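To make the two issues above concrete, here is an added illustration written for this article; it is not RankMath's code and does not describe how their plugin was actually implemented. It shows a hypothetical WordPress AJAX handler that resets a plugin's settings, first in a form any logged-in user can trigger (the class of flaw described by WPVULNDB), then hardened with a nonce, a capability check, input sanitization and output escaping. The option name `myplugin_settings`, the action `myplugin_reset` and the section names are invented.

```php
<?php
// Added illustration (hypothetical plugin, not RankMath's code).
// Assumes an option 'myplugin_settings' and an AJAX action 'myplugin_reset';
// both names are invented for this example.

// Weak version: wp_ajax_* hooks fire for every authenticated user, so with no
// capability check a subscriber can wipe the plugin's configuration.
function myplugin_reset_settings_weak() {
    delete_option( 'myplugin_settings' );
    wp_send_json_success( 'Settings reset' );
}

// Hardened version: reject forged requests (nonce), require a capability only
// administrators hold, and sanitize anything the request supplies.
function myplugin_reset_settings_hardened() {
    // Dies with a 403 unless the 'security' field carries a valid nonce.
    check_ajax_referer( 'myplugin_reset_nonce', 'security' );

    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'Insufficient permissions', 403 );
    }

    // Optional "section" parameter: sanitize, then check against an allow list
    // instead of trusting whatever the client sent.
    $section = isset( $_POST['section'] )
        ? sanitize_key( wp_unslash( $_POST['section'] ) )
        : 'all';
    $allowed = array( 'all', 'titles', 'sitemap' );
    if ( ! in_array( $section, $allowed, true ) ) {
        wp_send_json_error( 'Unknown section', 400 );
    }

    if ( 'all' === $section ) {
        delete_option( 'myplugin_settings' );
    } else {
        $opts = get_option( 'myplugin_settings', array() );
        unset( $opts[ $section ] );
        update_option( 'myplugin_settings', $opts );
    }

    // Escape on output so a stored value can never become script in a page.
    wp_send_json_success( esc_html( "Reset: {$section}" ) );
}

// Only the hardened handler is registered; the weak one is shown for contrast.
add_action( 'wp_ajax_myplugin_reset', 'myplugin_reset_settings_hardened' );
```

The matching JavaScript that calls this endpoint must send the nonce created with `wp_create_nonce( 'myplugin_reset_nonce' )` in the `security` field, otherwise the hardened handler rejects the request before any settings are touched.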

RankMath Responsibly Notifies Users

A changelog is a record of what an update changes and fixes. For every update, a WordPress plugin developer publishes a changelog that a user can read.

[Screenshot of SEO by RankMath changelog] SEO by RankMath responsibly notified users of a security update via their changelog.

It’s important to note that RankMath did the right thing and notified users through their changelog that this update contained a security fix.

Many plugin publishers do not alert users that an update contains a security fix.

Perhaps plugin developers fear harming their brand by acknowledging the existence of a vulnerability. Thus they sneak the fix in unannounced, without mentioning it in their changelog.

It may be that some plugin developers hope nobody notices that the plugin contained a vulnerability. In my opinion that is irresponsible. It leaves users unaware of the urgency of updating the plugin.

RankMath approached this security update in an honorable and transparent manner. Their changelog accurately notes the security update. That’s a sign of a trusted developer.

Of course, all plugins should be updated as soon as an update is available. Security updates should always be applied right away.

Copyright © 2020 Plolu.