CVE-2025-12958
Rankology SEO and Analytics Tool <= 2.0 - Incorrect Authorization to Authenticated (Editor+) Header & Footer Code Creation
Vexday Risk Score
8Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 2.7EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
07 ene 2026Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
The Rankology SEO and Analytics Tool plugin for WordPress is vulnerable to unauthorized modification of data due to an incorrect capability check on the 'rankology_code_block' page in all versions up to, and including, 2.0. This makes it possible for authenticated attackers, with Editor-level access and above, to add header and footer code blocks.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
Productos afectados
rankology · Rankology SEO and Analytics Tool¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3441084%40rankology-seo-and-analytics-tool&new=3441084%40rankology-seo-and-analytics-tool&sfp_email=&sfph_mail=https://wordpress.org/plugins/rankology-seo-and-analytics-tool/https://www.wordfence.com/threat-intel/vulnerabilities/id/c97a341c-23f5-49a9-ad05-1fb387047e3b?source=cve