security vulnerability

#663486
  • Resolved Anonymous
    Rank Math free

    Dear Rank Math Team,

    Today, I received the message that our website was no longer accessible. Our site fell victim to a hacker attack, and it appears that this attack originated through your plugin.

    With this ticket, I simply want to inform you that the attack was executed through your plugin, suggesting that there may be a certain security vulnerability in the system.

    I still have the log files associated with this attack, which I can gladly send to you. These logs contain server paths and details on how everything was carried out.

    Best regards,
    Jan

Viewing 4 replies - 1 through 4 (of 4 total)
  • Hello,

    Thank you for contacting Rank Math and bringing your concern to our attention. I’m sorry for the delay and for any inconvenience this issue may have caused you.

    The errors are not a sign of an attack, but rather a bug in our latest version of the plugin if your website’s WP debug mode is enabled.

    However, our dev team released a Beta version of the plugin that fixes the codes/errors appearing.

    Please try updating to the beta version of Rank Math by following this guide: https://rankmath.com/kb/version-control/#beta-updates

    If you don’t see an update available, please go to Rank Math > Status & Tools > Database Tools > Remove Rank Math Transients > Remove transients. Then, clear your caches, server, and WordPress and check again.

    You can disable the Beta updates once you update to the latest version (which will be released soon) and if the issue is gone.

    Hope that helps.

    Thank you.

    Anonymous
    Rank Math free

    Alright, but I never activated the WP Debug mode. Moreover, I received several notifications via Limit Login Attempts. Additionally, my hosting provider reported that there have been over 99 attacks in the past three days. Hence, I am led to believe that it is associated with the Rank Math plugin.

    Anonymous
    Rank Math free

    I also wanted to note that my hosting provider’s support specifically mentioned an attack, which appears to be related to the plugin. Furthermore, this attack even resulted in a change of the table prefix in my WP database, which naturally raises several questions. In this matter, I’m not looking to assign blame, but rather to seek clarification and consult.
    Best regards!

    Hello,

    Rank Math is installed on 2.3M websites. It is not possible for us to have a vulnerability without everyone in the WordPress sphere knowing about it. Even in the past when such occurrences were reported, we fixed them before the issues were made public.

    If your host provides some proof that leads you to believe it was due to Rank Math, we would be more than happy to investigate further, but as of now – we don’t see anything to the contrary.

    Hello,

    Since we did not hear back from you for 15 days, we are assuming that you found the solution. We are closing this support ticket.

    If you still need assistance or any other help, please feel free to open a new support ticket, and we will be more than happy to assist.

    Thank you.


The ticket ‘security vulnerability’ is closed to new replies.