Critical Vulnerability in WordPress Really Simple Security Plugin

Published on 25 Nov 2024

Really Simple Security has released security updates to address a critical vulnerability (CVE-2024-10924) in its Really Simple Security WordPress plugin. The plugin is a security plugin for the WordPress platform, offering SSL configuration, login protection, a two-factor authentication layer, and real-time vulnerability detection. The vulnerability has a Common Vulnerability Scoring System (CVSSv3.1) score of 9.8 out of 10.

Successful exploitation of the authentication bypass vulnerability could allow a remote unauthenticated attacker to gain access to any account on the site, including the administrator account, even when the two-factor authentication feature is enabled.

The critical vulnerability affects product versions 9.0.0 – 9.1.1.1, inclusive.

Users and administrators of affected product versions are advised to update to the latest version immediately.
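To confirm whether an installed copy falls in the affected range, the version in the plugin's header can be compared numerically against the bounds stated above. The following is an added example, not code from this advisory or from the plugin vendor; it assumes the plugin's main PHP file carries a standard WordPress `Version:` header, and the sample header and function names are constructed for illustration.

```python
import re

# Affected range as stated in this advisory (inclusive on both ends).
AFFECTED_MIN = "9.0.0"
AFFECTED_MAX = "9.1.1.1"

# Constructed sample of a WordPress plugin header, for illustration only.
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: Example Plugin (constructed sample)
 * Version: 9.1.1
 */
"""

def parse_version(text):
    """Turn '9.1.1.1' into (9, 1, 1, 1); reject anything but dotted digits."""
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unsupported version string: {text!r}")
    return tuple(int(part) for part in text.split("."))

def pad(version, width):
    """Right-pad with zeros so 9.1 and 9.1.0.0 compare as equal."""
    return version + (0,) * (width - len(version))

def is_affected(version_text):
    """True if the version lies in AFFECTED_MIN..AFFECTED_MAX, inclusive."""
    v, lo, hi = (parse_version(s) for s in (version_text, AFFECTED_MIN, AFFECTED_MAX))
    width = max(len(v), len(lo), len(hi))
    return pad(lo, width) <= pad(v, width) <= pad(hi, width)

def header_version(plugin_file_text):
    """Extract the 'Version:' field from a plugin file's header comment."""
    match = re.search(r"^[ \t/*#@]*Version:\s*(\S+)", plugin_file_text,
                      re.MULTILINE | re.IGNORECASE)
    return match.group(1) if match else None

def check_plugin_file(plugin_file_text):
    """Return 'affected', 'not affected', or 'unknown' for a plugin file."""
    version = header_version(plugin_file_text)
    if version is None:
        return "unknown"
    try:
        return "affected" if is_affected(version) else "not affected"
    except ValueError:
        return "unknown"  # e.g. a suffixed build string; review by hand

if __name__ == "__main__":
    print(check_plugin_file(SAMPLE_HEADER))
```

Comparing versions as integer tuples matters here: a plain string comparison would wrongly place a version such as 9.10.0 inside the range.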

More information is available here:

https://nvd.nist.gov/vuln/detail/CVE-2024-10924

https://www.wordfence.com/blog/2024/11/really-simple-security-vulnerability/