Yesterday Wordfence announced that their Threat Intelligence team found 2 vulnerabilities in the WordPress SEO Plugin - Rank Math. The vulnerability would allow an attacker to grant or revoke admin privileges for any registered users on the website. The attacker could also create re-directs from almost any location on the site to a destination they chose.
This issue was privately disclosed to Rank Math’s developers on March 25, 2020, and the developers released a patch on March 26, 2020.
At this moment, any version of Rank Math below version 1.0.41 is vulnerable and it is highly recommended that if you are using the Rank Math SEO plugin that you update to the latest version.