Scaner-VSvulnerability catalog · v4.2

Home Catalog Sources CWE CAPEC ATT&CK Mitigations Products Vendors Docs

← Back to List

Really-simple-plugins›Applicationnvd

Really Simple Security

Vulnerabilities

1

Known exploited

0

Max CVSS

9.8

Top EPSS

0.81722

Severity breakdown

Critical

1

High

0

Medium

0

Low

0

Affected version ranges

9.0.0–9.1.2

Also matched as (raw): really_simple_security

Top vulnerabilities

CVE-2024-10924The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. This is due to improper user check error handling in the two-factor REST API actions with the 'check_login_and_get_user' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, when the "Two-Factor Authentication" setting is enabled (disabled by default).

View vendor →Open in catalog with product filter →