Hello,
Thanks for contacting us, and sorry for any inconvenience that might have been caused due to that.
We already released a version (v1.0.119.1) a few days back fixing the issue:
https://rankmath.com/changelog/free/
However, the risk caused by that is limited since an attacker would need to be able to create a WordPress post and not be able to include JavaScript otherwise, which is only true of two of the four WordPress roles that can create posts. Untrusted individuals usually wouldn’t have the ability to create new posts.
Please read here for more: https://www.pluginvulnerabilities.com/2023/07/18/authenticated-persistent-cross-site-scripting-xss-vulnerability-fixed-in-rank-math-seo/
Hope that helps, and please do not hesitate to let us know if you need our assistance with anything else.
Thank you.
Hello,
Since we did not hear back from you for 15 days, we are assuming that you found the solution. We are closing this support ticket.
If you still need assistance or any other help, please feel free to open a new support ticket, and we will be more than happy to assist.
Thank you.
