Security News > 2024 > November > Urgent: Critical WordPress Plugin Vulnerability Exposes Over 4 Million Sites

2024-11-18 04:52
A critical authentication bypass vulnerability has been disclosed in the Really Simple Security (formerly Really Simple SSL) plugin for WordPress that, if successfully exploited, could grant an attacker to remotely gain full administrative access to a susceptible site. The vulnerability, tracked as CVE-2024-10924 (CVSS score: 9.8), impacts both free and premium versions of the plugin. The
News URL
https://thehackernews.com/2024/11/urgent-critical-wordpress-plugin.html
Related news
- Microsoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 Score (source)
- Elastic Releases Urgent Fix for Critical Kibana Vulnerability Enabling Remote Code Execution (source)
- Moxa Issues Fix for Critical Authentication Bypass Vulnerability in PT Switches (source)
- Critical PHP RCE vulnerability mass exploited in new attacks (source)
- New Critical AMI BMC Vulnerability Enables Remote Server Takeover and Bricking (source)
- IBM scores perfect 10 ... vulnerability in mission-critical OS AIX (source)
- Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) (source)
- Infoseccers criticize Veeam over critical RCE vulnerability and a failing blacklist (source)
- Critical Next.js Vulnerability Allows Attackers to Bypass Middleware Authorization Checks (source)
- Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927) (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-11-15 | CVE-2024-10924 | Missing Authentication for Critical Function vulnerability in Really-Simple-Plugins Really Simple Security The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. | 9.8 |