A severe vulnerability has been discovered in a popular WordPress plugin used by millions of websites. Discovered by Wordfence researchers and dubbed CVE-2024-10924, the critical vulnerability affects the Really Simple Security (also known as Really Simple SSL) plugin.
Affected plugin versions are 9.0.0 and 9.1.1.1, and the flaw could impact millions of websites using this plugin.
The Really Simple Security plugin is a security plugin for WordPress websites allowing for easy SSL/HTTPS configuration, login and other protections for your websites.
The vulnerability lies in the plugin’s API handling for two-factor authentication (2FA) login. On websites using the plugin and utilizing the 2FA feature, it allows any user to bypass the user check and log in as an administrator, with full privileges.
Really Simple SSL has recently released a new version, 9.1.2, which addresses and patches this flaw.
Users of potentially affected versions should update their WordPress plugin now, and stay up to date on currently installed plugins and other software in use.
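A version check to go with the update advice above, as an added example that is not from Wordfence or the plugin's authors: it reads the `Version:` field from a WordPress plugin header and compares it numerically with the fixed release 9.1.2. Treating every release from 9.0.0 up to 9.1.2 as affected is an assumption of this example, and the sample header is constructed.

```python
import re
import sys
from itertools import zip_longest

FIRST_AFFECTED = "9.0.0"  # earliest affected version named in the article
FIXED = "9.1.2"           # release that patches CVE-2024-10924

def parse_version(text):
    """Turn '9.1.1.1' into (9, 1, 1, 1); a '-beta' style suffix is dropped."""
    return tuple(int(n) for n in re.findall(r"\d+", text.split("-")[0]))

def compare(a, b):
    """Return -1, 0 or 1, comparing segment by segment with zero padding."""
    for x, y in zip_longest(parse_version(a), parse_version(b), fillvalue=0):
        if x != y:
            return -1 if x < y else 1
    return 0

def header_version(php_source):
    """Read the 'Version:' field from a WordPress plugin header comment."""
    m = re.search(r"^[ \t/*#@]*Version:\s*(\S+)", php_source, re.I | re.M)
    return m.group(1) if m else None

def classify(version):
    """Place a version relative to the affected range (assumed contiguous)."""
    if version is None:
        return "unknown"
    if compare(version, FIRST_AFFECTED) < 0:
        return "predates-affected-range"
    if compare(version, FIXED) < 0:
        return "affected"
    return "patched"

# Constructed sample header, not copied from the real plugin file.
SAMPLE = """<?php
/**
 * Plugin Name: Really Simple Security
 * Version: 9.1.1.1
 */
"""

if __name__ == "__main__":
    # Pass the path of the plugin's main PHP file, or run with no argument
    # to classify the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            source = fh.read()
    else:
        source = SAMPLE
    found = header_version(source)
    print(found, classify(found))
```

The segment-wise comparison matters because the affected 9.1.1.1 has four parts while the fixed 9.1.2 has three, so float or tuple-length shortcuts give wrong answers.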