CVE-2020-11515

Severity: MEDIUM · Exploited in the wild · Nuclei template available

Rank Math SEO < 1.0.40.2 - Unauthenticated Arbitrary URI Creation via rankmath/v1/updateRedirection Endpoint


Exploitation Summary

CVE-2020-11515 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including halilkirazkaya. A Nuclei detection template is also available.

AI-analyzed exploit summary

The repository contains a functional PoC for CVE-2020-11515, demonstrating how unauthenticated attackers can exploit the Rank Math WordPress plugin's unsecured REST API endpoint to create arbitrary redirects. The PoC includes a crafted HTTP POST request to the vulnerable endpoint, allowing the creation of new URIs that redirect to external sites.

Description

The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to create new URIs (that redirect to an external web site) via the unsecured rankmath/v1/updateRedirection REST API endpoint. In other words, this is not an "Open Redirect" issue; instead, it allows the attacker to create a new URI with an arbitrary name (e.g., the /exampleredirect URI).

Exploits (1)

GitHub · WORKING POC · 4 stars
by halilkirazkaya · poc
https://github.com/halilkirazkaya/cve-poc-garage/tree/main/2020/CVE-2020-11515.md


Classification: Working PoC (95%)
Attack Type: Other
Complexity: Trivial
Reliability: Reliable
Target: Rank Math WordPress plugin through 1.0.40.2
Authentication: none needed
Prerequisites: WordPress site with Rank Math plugin installed and vulnerable version
Analyzed by devstral-2 on Feb 27, 2026

Nuclei Templates (1)

Rank Math SEO <= 1.0.40.2 - Redirect Creation via Unprotected REST API Endpoint
MEDIUM · VERIFIED · by s4e-io

Scores

CVSS v3: 6.1
EPSS: 0.0207
EPSS Percentile: 78.9%
Attack Vector: NETWORK
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

VulnCheck KEV: 2023-01-30
CWE: CWE-601
Status: published
Products (1): rankmath/seo < 1.0.40.2
Published: Apr 07, 2020
Tracked Since: Feb 18, 2026