9.8
CVSSv3

CVE-2024-10924

Published: 15/11/2024 Updated: 20/11/2024

Vulnerability Summary

Authentication Bypass in Really Simple Security WordPress Plugins

The Really Simple Security plugins for WordPress (Free, Pro, and Pro Multisite) contain an authentication bypass in versions 9.0.0 through 9.1.1.1; the fix shipped in 9.1.2. The cause is improper error handling in the user check performed by the two-factor REST API actions, specifically in the 'check_login_and_get_user' function: when that check fails, the failure is not handled correctly and the request proceeds as if it had succeeded. As a result an unauthenticated attacker can log in as any existing user on the site, including administrators. The bypass is only reachable when the plugin's "Two-Factor Authentication" setting is enabled, which it is not by default, so sites with 2FA switched off are not exploitable but should still update.
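The following PHP is an added illustration of the bug class behind this CVE (CWE-288, an unchecked failure result in a login path), not code from the plugin or from any of the repositories listed below. It reconstructs the pattern the summary describes: a helper that reports failure by returning a WP_Error, and a REST action that sets the session for the request-supplied user_id without testing that return value. WP_Error, is_wp_error(), get_user_by() and wp_set_auth_cookie() are real WordPress APIs; minimal stand-ins are defined so the file runs without WordPress. verify_login_nonce(), both handler functions and the sample nonce are hypothetical.

```php
<?php
// Added illustration (not the plugin's code) of the CWE-288 pattern described
// in the summary above. WP_Error, is_wp_error(), get_user_by() and
// wp_set_auth_cookie() exist in WordPress; the stand-ins below only let this
// file run on its own. verify_login_nonce() and the two actions are hypothetical.

class WP_Error {
    public $code;
    public $message;
    public function __construct($code, $message) { $this->code = $code; $this->message = $message; }
}
function is_wp_error($thing) { return $thing instanceof WP_Error; }

// Constructed user table standing in for the WordPress users database.
function get_user_by($field, $value) {
    $users = [1 => (object) ['ID' => 1, 'user_login' => 'admin']];
    return ($field === 'id' && isset($users[(int) $value])) ? $users[(int) $value] : false;
}

// Records which user received a session; real WordPress sets the auth cookie.
$GLOBALS['auth_cookie_user'] = null;
function wp_set_auth_cookie($user_id) { $GLOBALS['auth_cookie_user'] = (int) $user_id; }

// Hypothetical nonce store: a login nonce is only valid for the user who passed
// the password step. An unauthenticated attacker never did, so nothing matches.
function verify_login_nonce($user_id, $nonce) {
    $issued = [1 => 'c0ffee-constructed-sample-nonce'];
    return isset($issued[$user_id]) && hash_equals($issued[$user_id], (string) $nonce);
}

// Shared helper: the user object on success, a WP_Error on any failure.
function check_login_and_get_user($user_id, $login_nonce) {
    if (!verify_login_nonce($user_id, $login_nonce)) {
        return new WP_Error('invalid_nonce', 'Invalid or expired login nonce');
    }
    $user = get_user_by('id', $user_id);
    if (!$user) {
        return new WP_Error('no_user', 'No such user');
    }
    return $user;
}

// VULNERABLE action: the WP_Error is assigned but never tested, and the cookie
// is set for the attacker-chosen user_id, so any existing account can be taken.
function vulnerable_two_fa_action(array $request) {
    $user = check_login_and_get_user((int) $request['user_id'], $request['login_nonce']);
    wp_set_auth_cookie((int) $request['user_id']);   // reached even when $user is a WP_Error
    return ['success' => true];
}

// HARDENED action: stop on WP_Error and only log in the user the helper returned.
function hardened_two_fa_action(array $request) {
    $user = check_login_and_get_user((int) $request['user_id'], $request['login_nonce']);
    if (is_wp_error($user)) {
        return ['success' => false, 'error' => $user->code];
    }
    wp_set_auth_cookie($user->ID);
    return ['success' => true];
}

// Unauthenticated request targeting the administrator (user 1) with a made-up nonce.
$attack = ['user_id' => 1, 'login_nonce' => 'not-a-real-nonce'];

vulnerable_two_fa_action($attack);
printf("vulnerable: auth cookie set for user %s\n", var_export($GLOBALS['auth_cookie_user'], true));

$GLOBALS['auth_cookie_user'] = null;
$result = hardened_two_fa_action($attack);
printf("hardened: error=%s, auth cookie user %s\n", $result['error'], var_export($GLOBALS['auth_cookie_user'], true));
```

The two handlers differ in exactly the two lines that matter for review: the `is_wp_error()` guard, and using the identity the helper returned rather than the one the client supplied. When auditing similar REST endpoints, grep for callers of any helper that can return WP_Error and confirm every caller tests the result before it touches `wp_set_auth_cookie()` or `wp_set_current_user()`.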

Vulnerable Product

really-simple-plugins really simple security

Github Repositories

MFA bypass in WordPress with the Really Simple Security plugin installed, versions 9.0.0 – 9.1.1.1.

PoC Authentication Bypass MFA Really Simple Security WordPress Plugin. We open the WordPress site, where we can see that MFA is enabled through the vulnerable plugin. We run the PoC and supply the access details. The browser opens automatically through a temporary HTML file inside the administration…

Exploit for CVE-2024-10924 -> Really Simple Security < 9.1.2 authentication bypass

Exploit for CVE-2024-10924 -> Really Simple Security < 9.1.2 authentication bypass. Overview: The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. This vulnerability is caused by improper user check error handling in the two-factor REST API act…

Simple Python script

CVE-2024-10924

WARNING: This is a vulnerable application to test the exploit for the Really Simple Security < 9.1.2 authentication bypass (CVE-2024-10924). Run it at your own risk!

wordpress-really-simple-security-authn-bypass-vulnerable-application. This is a vulnerable application to test the exploit for the Really Simple Security < 9.1.2 authentication bypass (CVE-2024-10924). WARNING! This application contains serious security vulnerabilities. Run it at your own risk! It is recommended to use a backed-up and sheltered environment (such as a VM wi…

Really Simple Security (Free, Pro, and Pro Multisite) 9.0.0 – 9.1.1.1 – Authentication Bypass

CVE-2024-10924 Really Simple Security (Free, Pro, and Pro Multisite) 9.0.0 – 9.1.1.1 – Authentication Bypass. Description: The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. This is due to improper user check error handling in the two-factor REST API actions with the …

CVE-2024-10924 Authentication Bypass Using an Alternate Path or Channel (CWE-288)

CVE-2024-10924 Authentication Bypass Using an Alternate Path or Channel (CWE-288). Overview: The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. This vulnerability is caused by improper user check error handling in the two-factor REST API actions with the 'check_login_and_get_us…

Exploits Really Simple Security < 9.1.2 authentication bypass (CVE-2024-10924).

wordpress-really-simple-security-authn-bypass-exploit. This is a Python3 program that exploits the Really Simple Security < 9.1.2 authentication bypass vulnerability (CVE-2024-10924). DISCLAIMER: This tool is intended for security engineers and appsec people for security assessments. Please use this tool responsibly. I do not take responsibility for the way in which any one us…

CVE-2024-10924: WordPress Really Simple Security authentication bypass flaw in Docker. Description: The Really Simple Security plugins (Free, Pro, and Pro Multisite) for WordPress, versions 9.0.0 to 9.1.1.1, are affected by an authentication bypass vulnerability. This issue arises from improper error handling in the check_login_and_get_user function used in two-factor REST API a…

Recent Articles

Security plugin flaw in millions of WordPress sites gives admin access
BleepingComputer • Bill Toulas • 17 Nov 2024, 10:19 AM

A critical authentication bypass vulnerability has been discovered impacting the WordPress plugin 'Really Simple Security' (formerly 'Really Simple SSL'), including both free and Pro versions. Really Simple Security is a security plugin for the WordPress platform, offering SSL configuration, login protection, a two-factor authentication layer, and real-time vulnerability detect...