Security News > 2024 > November > Urgent: Critical WordPress Plugin Vulnerability Exposes Over 4 Million Sites

Urgent: Critical WordPress Plugin Vulnerability Exposes Over 4 Million Sites
2024-11-18 04:52

A critical authentication bypass vulnerability has been disclosed in the Really Simple Security (formerly Really Simple SSL) plugin for WordPress that, if successfully exploited, could grant an attacker to remotely gain full administrative access to a susceptible site. The vulnerability, tracked as CVE-2024-10924 (CVSS score: 9.8), impacts both free and premium versions of the plugin. The


News URL

https://thehackernews.com/2024/11/urgent-critical-wordpress-plugin.html

Related news

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2024-11-15 CVE-2024-10924 Missing Authentication for Critical Function vulnerability in Really-Simple-Plugins Really Simple Security
The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1.
network
low complexity
really-simple-plugins CWE-306
critical
 9.8
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Wordpress 7 2 93 44 18 157
Plugin 2 0 13 1 0 14