A critical privilege escalation vulnerability found in the WordPress SEO plugin Rank Math can allow attackers to give administrator privileges to any registered user on one of the 200,000 sites with active installations if left unpatched. Rank Math is a WordPress plugin described by its developers as ‘the Swiss army knife of WordPress SEO’. Researchers also discovered a second vulnerability that made it possible for unauthenticated attackers “to create redirects from almost any location on the site to any destination of their choice”. The development team released Rank Math 1.0.41.41 on March 26.