CVE-2025-12958

Rankology SEO and Analytics Tool <= 2.0 - Incorrect Authorization to Authenticated (Editor+) Header & Footer Code Creation

CVSS 2.7 LOWEPSS 0.2%CWE-285

Vexday Risk Score

8Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 2.7EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

07 jan 2026Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

The Rankology SEO and Analytics Tool plugin for WordPress is vulnerable to unauthorized modification of data due to an incorrect capability check on the 'rankology_code_block' page in all versions up to, and including, 2.0. This makes it possible for authenticated attackers, with Editor-level access and above, to add header and footer code blocks.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

Produtos afetados

rankology · Rankology SEO and Analytics Tool

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3441084%40rankology-seo-and-analytics-tool&new=3441084%40rankology-seo-and-analytics-tool&sfp_email=&sfph_mail=https://wordpress.org/plugins/rankology-seo-and-analytics-tool/https://www.wordfence.com/threat-intel/vulnerabilities/id/c97a341c-23f5-49a9-ad05-1fb387047e3b?source=cve