CVE-2022-36376: 
PHP vulnerability analysis and mitigation

A Server-Side Request Forgery (SSRF) vulnerability was discovered in the Rank Math SEO WordPress plugin versions 1.0.95 and below. The vulnerability was identified and assigned CVE-2022-36376, with public disclosure occurring on August 12, 2022. The issue affects WordPress installations using the vulnerable versions of the Rank Math SEO plugin (WPScan).

The vulnerability stems from improper access restrictions to certain .htaccess blocked REST endpoints when the headless settings are enabled. This security flaw has been assigned a CVSS score of 6.8 (medium severity) and is classified under CWE-918. The vulnerability falls under the OWASP Top 10 category A1: Injection (WPScan).

The vulnerability could allow unauthenticated attackers to perform Server-Side Request Forgery (SSRF) attacks against affected WordPress installations. This type of attack could potentially enable attackers to make unauthorized requests to internal systems or external services using the vulnerable server as a proxy (WPScan).

The vulnerability has been patched in version 1.0.95.1 of the Rank Math SEO plugin. Users are strongly advised to update to this version or later to protect their installations from potential exploitation (WPScan, Rank Math Changelog).