A pair of security vulnerabilities in the WordPress search engine optimization (SEO) plugin, known as Rank Math, could allow remote cybercriminals to elevate privileges and install malicious redirects onto a target site. A second vulnerability could be used to prevent access to almost all of a site s existing content, by simply redirecting visitors to a malicious site. Wordfence disclosed the bugs to the developer of the plugin, which has more than 200,000 installations. A patch is now available in the latest version, 1.0.41.41, so Web administrators should update their sites.
Source: https://threatpost.com/critical-wordpress-plugin-bug-lock-admins-out/154354/