PLUGIN SECURITY
Is Seo By Rank Math safe?
Known vulnerabilities, PHP compatibility and safer alternatives for the Seo By Rank Math WordPress plugin — checked against WP Clinic's local security database.
Plugin details
- Slug:
seo-by-rank-math - Requires PHP: 7.4+
- Max supported PHP (analyzed): 8.4
Known vulnerabilities
- Rank Math SEO – AI SEO Tools to Dominate SEO Rankings [seo-by-rank-math] < 1.0.0.41 [CVE-2020-11514, Rank Math SEO <= 1.0.40.2 - Privilege Escalation via Unprotected REST API Endpoint, WordPress SEO Plugin - Rank Math < 1.0.41 - Privilege Escalation via Unprotected REST API Endpoint]
- Rank Math SEO – AI SEO Tools to Dominate SEO Rankings [seo-by-rank-math] < 1.0.0.41 [CVE-2020-11515, Rank Math SEO <= 1.0.40.2 - Redirect Creation via Unprotected REST API Endpoint, WordPress SEO Plugin - Rank Math < 1.0.41 - Redirect Creation via Unprotected REST API Endpoint]
- Rank Math SEO – AI SEO Tools to Dominate SEO Rankings [seo-by-rank-math] < 1.0.27.1 [CVE-2019-14786, Rank Math SEO <= 1.0.27 - Authenticated Settings Reset via reset-cmb Parameter, Seo By Rank Math <= 1.0.27 - Authenticated Settings Reset]
- Rank Math SEO – AI SEO Tools to Dominate SEO Rankings [seo-by-rank-math] < 1.0.27.1 [WordPress SEO By Rank Math plugin <= 1.0.27 - Authenticated Settings Reset vulnerability]
- Rank Math SEO – AI SEO Tools to Dominate SEO Rankings [seo-by-rank-math] < 1.0.27 [WordPress SEO by Rank Math plugin <= 1.0.26 - Cross-Site Scripting (XSS) vulnerabilities]
+ 23 more known vulnerabilities
- Rank Math SEO – AI SEO Tools to Dominate SEO Rankings [seo-by-rank-math] < 1.0.95.1 [CVE-2022-36376, Rank Math SEO <= 1.0.95 - Server-Side Request Forgery, WordPress Rank Math SEO Plugin <= 1.0.95 is vulnerable to Server Side Request Forgery (SSRF), Rank Math SEO < 1.0.95.1 - Unauthenticated SSRF]
- Rank Math SEO – AI SEO Tools to Dominate SEO Rankings [seo-by-rank-math] < 1.0.42.2 [Rank Math SEO <= 1.0.42.1 - Missing Authorization]
- Rank Math SEO – AI SEO Tools to Dominate SEO Rankings [seo-by-rank-math] < 1.0.27 [Rank Math SEO <= 1.0.26 - Cross-Site Scripting]
- Rank Math SEO – AI SEO Tools to Dominate SEO Rankings [seo-by-rank-math] < 1.0.107.3 [RankMath SEO <= 1.0.107.2 - Authenticated (Contributor+) Local File Inclusion]
- Rank Math SEO – AI SEO Tools to Dominate SEO Rankings [seo-by-rank-math] < 1.0.119.1 [CVE-2023-23888, WordPress Rank Math SEO Plugin <= 1.0.107.2 is vulnerable to Local File Inclusion, Rank Math SEO < 1.0.107.3 - Contributor+ LFI]
- Rank Math SEO – AI SEO Tools to Dominate SEO Rankings [seo-by-rank-math] < 1.0.119.1 [Rank Math SEO <= 1.0.119 - Authenticated (Contributor+) Stored Cross-Site Scripting]
- Rank Math SEO – AI SEO Tools to Dominate SEO Rankings [seo-by-rank-math] < 1.0.119.1 [CVE-2023-32600, WordPress Rank Math SEO Plugin <= 1.0.119 is vulnerable to Cross Site Scripting (XSS), Rank Math SEO < 1.0.119.1 - Contributor+ Stored XSS]
- Rank Math SEO – AI SEO Tools to Dominate SEO Rankings [seo-by-rank-math] < 1.0.42.2 [Rank Math 0.9~1.0.42.1 - Authenticated Missing Access Controls to Disable Competitor Plugins]
- Rank Math SEO – AI SEO Tools to Dominate SEO Rankings [seo-by-rank-math] < 1.0.27 [Seo by Rank Math <= 1.0.26 - XSS Issues]
- Rank Math SEO – AI SEO Tools to Dominate SEO Rankings [seo-by-rank-math] < 1.0.215 [CVE-2024-2536, Rank Math SEO with AI SEO Tools <= 1.0.214 - Authenticated(Contributor+) Stored Cross-Site Scripting via HowTo block attributes, WordPress Rank Math SEO Plugin <= 1.0.214 is vulnerable to Cross Site Scripting (XSS), Rank Math SEO with AI SEO Tools < 1.0.215 - Contributor+ Stored XSS]
- Rank Math SEO – AI SEO Tools to Dominate SEO Rankings [seo-by-rank-math] < 1.0.217 [CVE-2024-3665, Rank Math SEO with AI SEO Tools <= 1.0.216 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'titleWrapper', WordPress Rank Math SEO Plugin <= 1.0.216 is vulnerable to Cross Site Scripting (XSS)]
- Rank Math SEO – AI SEO Tools to Dominate SEO Rankings [seo-by-rank-math] < 1.0.218 [CVE-2024-4335, Rank Math SEO with AI Best SEO Tools <= 1.0.217 - Authenticated (Contributor+) Stored Cross-Site Scripting, WordPress Rank Math SEO Plugin <= 1.0.217 is vulnerable to Cross Site Scripting (XSS)]
- Rank Math SEO – AI SEO Tools to Dominate SEO Rankings [seo-by-rank-math] < 1.0.219 [CVE-2024-4617, WordPress Rank Math SEO Plugin <= 1.0.218 is vulnerable to Cross Site Scripting (XSS), Rank Math SEO with AI Best SEO Tools <= 1.0.218 - Authenticated (Contributor+) Stored Cross-Site Scripting]
- Rank Math SEO – AI SEO Tools to Dominate SEO Rankings [seo-by-rank-math] < 1.0.219 [CVE-2024-4627, Rank Math SEO <= 1.0.218 - Authenticated (Administrator+) Stored Cross-Site Scripting, WordPress Rank Math SEO Plugin < 1.0.219 is vulnerable to Cross Site Scripting (XSS)]
- Rank Math SEO – AI SEO Tools to Dominate SEO Rankings [seo-by-rank-math] < 1.0.229 [CVE-2024-9161, Rank Math SEO – AI SEO Tools to Dominate SEO Rankings <= 1.0.228 - Missing Authorization to Unauthenticated User and Term Metadata Insert, Update, and Delete, WordPress Rank Math SEO Plugin <= 1.0.228 is vulnerable to Broken Access Control]
- Rank Math SEO – AI SEO Tools to Dominate SEO Rankings [seo-by-rank-math] < 1.0.229 [CVE-2024-9314, Rank Math SEO – AI SEO Tools to Dominate SEO Rankings <= 1.0.228 - Authenticated (Administrator+) PHP Object Injection, WordPress Rank Math SEO Plugin <= 1.0.228 is vulnerable to PHP Object Injection]
- Rank Math SEO – AI SEO Tools to Dominate SEO Rankings [seo-by-rank-math] < 1.0.232 [CVE-2024-11620, WordPress Rank Math SEO Plugin <= 1.0.231 is vulnerable to Remote Code Execution (RCE), Rank Math SEO <= 1.0.231 - .htaccess File Manipulation to Remote Code Execution]
- Rank Math SEO – AI SEO Tools to Dominate SEO Rankings [seo-by-rank-math] < 1.0.236 [CVE-2024-13227, WordPress Rank Math SEO Plugin <= 1.0.235 is vulnerable to Cross Site Scripting (XSS), Rank Math SEO – AI SEO Tools to Dominate SEO Rankings <= 1.0.235 - Authenticated (Contributor+) Stored Cross-Site Scripting via Rank Math API, EUVD-2024-51446]
- Rank Math SEO – AI SEO Tools to Dominate SEO Rankings [seo-by-rank-math] < 1.0.236 [CVE-2024-13229, Rank Math SEO <= 1.0.235 - Missing Authorization to Authenticated (Contributor+) Arbitrary Schema Deletion, EUVD-2024-51447]
- Rank Math SEO – AI SEO Tools to Dominate SEO Rankings [seo-by-rank-math] < 1.0.253 [CVE-2025-64351, Rank Math SEO <= 1.0.252.1 - Authenticated (Subscriber+) Information Exposure, EUVD-2025-37341]
- Rank Math SEO – AI SEO Tools to Dominate SEO Rankings [seo-by-rank-math] < 1.0.253 [CVE-2025-64350, Rank Math SEO <= 1.0.252.1 - Missing Authorization]
- Rank Math SEO – AI SEO Tools to Dominate SEO Rankings [seo-by-rank-math] < 1.0.271.1 [CVE-2025-12714, Rank Math SEO – AI SEO Tools to Dominate SEO Rankings <= 1.0.271 - Missing Authorization to Unauthenticated Homepage Settings Modification]
- Rank Math SEO – AI SEO Tools to Dominate SEO Rankings [seo-by-rank-math] < 1.0.271.1 [CVE-2026-34892, Rank Math SEO – AI SEO Tools to Dominate SEO Rankings <= 1.0.271 - Missing Authorization, Rank Math SEO – AI SEO Tools to Dominate SEO Rankings <= 1.0.271 - Missing Authorization]
Vulnerabilities are matched against the exact installed version when it's known. Always keep the plugin updated to the latest release.
Safer / more established alternatives
- SureRank SEO – Smart Assistant with Meta Tags, Social Preview, XML Sitemap, and Schema — 300000+ active installs — max PHP 8.4
- SEOPress – AI SEO Plugin & On-site SEO — 300000+ active installs — max PHP <8.0
- 301 Redirects – Redirect Manager — 300000+ active installs — max PHP 8.4
- All 404 Redirect to Homepage — 200000+ active installs
- 404 to 301 – Redirect Manager, 404 Error Logs & Notifications — 100000+ active installs — max PHP 8.4
Check your own WordPress site
Run a free passive scan now, or create a free account and install the WP Clinic plugin for a deep scan of your whole hosting account and AI-assisted repair.