Viewing 3 replies - 1 through 3 (of 3 total)
  • What is that?

    If you read it, it is a security advisory recommending that you upgrade to the latest version of Rank Math where the vulnerability has been patched.

    Thread Starter momo-fr

    (@momo-fr)

    Ok, thanks. Sorry.

    Plugin Author Rank Math

    (@rankmath)

    Hello @momo-fr

    Thank you for your message.

    Yes, it is really unfortunate that we missed adding a security check in a recent Gutenberg-related update in 2 places, despite it being added to all of the remaining 9 places already. We take full responsibility for this mishap and are incredibly apologetic about it. We have already put checks into place to ensure this never happens again.

    We acted swiftly, even though it was a weekend, and released an update immediately, fixing the issues, without anyone getting exploited (no one, including WordFence, has reported anyone getting exploited due to this security hole).

    The very next thing we did was to email everyone (which we don’t do for regular updates) requesting them to update immediately, and we made an announcement on our social media accounts as well.

    The security researcher who informed us about the vulnerability tweeted about our responsiveness:
    https://twitter.com/ramuelgall/status/1245011512751558657

    That being said, this has only acted as a wakeup call and made us even more cautious than we were and we will continue to do everything in our power to ensure that this doesn’t happen.

    Also, to avoid having to update the plugin manually in the future, one can take advantage of the auto-update feature of Rank Math:
    https://rankmath.com/kb/version-control/#auto-update

    This will ensure you are always using the latest and most stable version of Rank Math without having to manually log in and update your plugin.

    Please stay advised that the affected version was 1.0.40.2 and the latest build is 1.0.41.2, which is 3 versions higher (excluding beta releases).

    Again, we are sorry that this happened but are happy that the vulnerability wasn’t exploited as it was certainly not straightforward to identify.

  • The topic ‘[Resolved] Critical Vulnerabilities’ is closed to new replies.