Published on 25 Nov 2024
Really Simple Security has released security updates to address a critical vulnerability (CVE-2024-10924) in its Really Simple Security WordPress plugin. The plugin is a security plugin for the WordPress platform, offering SSL configuration, login protection, a two-factor authentication layer, and real-time vulnerability detection. The vulnerability has a Common Vulnerability Scoring System (CVSSv3.1) score of 9.8 out of 10.
Successful exploitation of the authentication bypass vulnerability could allow a remote unauthenticated attacker to gain access to any account on the site, including the administrator account, even when the two-factor authentication feature is enabled.
The critical vulnerability affects product versions 9.0.0 – 9.1.1.1, inclusive.
Users and administrators of affected product versions are advised to update to the latest version immediately.
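To triage a fleet of sites against the affected range above, the following added example (not code from the vendor or from this advisory) reads the `Version:` field from a WordPress plugin header and tests it against 9.0.0 – 9.1.1.1 inclusive. The sample header is constructed, the function names are illustrative, and short versions such as `9.0` are assumed to mean `9.0.0.0`.

```python
import re

# Affected range from the advisory: 9.0.0 to 9.1.1.1, inclusive.
# Versions are compared as 4-part tuples so 9.1.1 and 9.1.1.1 order correctly.
AFFECTED_MIN = (9, 0, 0, 0)
AFFECTED_MAX = (9, 1, 1, 1)


def parse_version(text):
    """Turn '9.1.1.1' into (9, 1, 1, 1), padding short versions with zeros."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){0,3}", text):
        raise ValueError(f"unexpected version string: {text!r}")
    nums = [int(p) for p in text.split(".")]
    return tuple(nums + [0] * (4 - len(nums)))


def header_version(plugin_source):
    """Extract the 'Version:' field from a WordPress plugin header comment."""
    m = re.search(r"^[ \t/*#@]*Version:\s*(\S+)", plugin_source,
                  re.MULTILINE | re.IGNORECASE)
    if m is None:
        raise ValueError("no Version header found")
    return m.group(1)


def is_affected(version_text):
    """True if the version falls inside the advisory's affected range."""
    return AFFECTED_MIN <= parse_version(version_text) <= AFFECTED_MAX


# Constructed sample of a plugin main-file header (not copied from the plugin).
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: Really Simple Security
 * Version: 9.1.1.1
 */
"""

if __name__ == "__main__":
    # The first value comes from the sample header; the rest are constructed.
    for v in (header_version(SAMPLE_HEADER), "8.9.9", "9.0", "9.1.2"):
        status = "AFFECTED" if is_affected(v) else "not in affected range"
        print(f"{v}: {status}")
```

A result outside the range only means the installed version is not one of those listed here; the advisory's guidance to run the latest version still applies.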
More information is available here:
https://nvd.nist.gov/vuln/detail/CVE-2024-10924
https://www.wordfence.com/blog/2024/11/really-simple-security-vulnerability/