November 16, 2024
The Really Simple Security plugin for WordPress, installed on more than 4 million websites, has a serious security flaw. The vulnerability lets an attacker bypass two-factor authentication (2FA) and log in to high-privileged accounts without authorization, which can lead to a complete site takeover.

The Vulnerability: CVE-2024-10924

The weakness, tracked as CVE-2024-10924, sits in the plugin's 2FA feature. Because the plugin does not properly handle user verification errors, an attacker can bypass authentication and log in as an arbitrary account simply by supplying that account's user ID, without completing the verification step that is supposed to guard the login. The affected releases are versions 9.0.0 through 9.1.1.1, and the flaw is only exploitable on sites that have enabled the plugin's Two-Factor Authentication setting, which is off by default; sites with 2FA disabled are not exposed to this particular bug.

Effects on WordPress Websites

With more than 4 million websites running Really Simple Security, the impact of this flaw is potentially enormous. By exploiting it, an attacker can take over accounts with elevated privileges, such as administrator accounts. That in turn enables data theft, site defacement, or further exploitation such as installing backdoors.

Fast Reaction and Patch Installation

Once the vulnerability was reported, the Really Simple Security maintainers promptly released patches for both the Free and Pro versions of the plugin. Because of the severity, WordPress.org pushed the fixed release, version 9.1.2, to sites running the vulnerable versions as a forced update, so affected sites received the fix without waiting for an administrator to act.

What You Must Do Right Away

If you use the Really Simple Security plugin, confirm that your site is running version 9.1.2 or later; a forced update can fail on sites that are offline, have update permissions restricted, or run the Pro version without a valid license, so do not assume it was applied. Site administrators should also consider enabling automatic plugin updates and periodically reviewing their security settings to limit exposure to future vulnerabilities.
Keeping your site current with security fixes is essential to protecting it from future attacks, especially given the severity of CVE-2024-10924.
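The article describes the root cause as improper handling of a user verification error. The following PHP example, added here and not taken from the Really Simple Security plugin's code, shows the general shape of that bug class in a WordPress-style login callback: a verification helper returns a WP_Error on failure, the caller never checks for it and trusts the request-supplied user ID, so a wrong 2FA token still results in a login. The hardened version fails closed and uses only the identity the verifier returned. Every function and class name here is hypothetical, and WP_Error, is_wp_error and get_userdata are minimal stand-ins so the script runs outside WordPress.

```php
<?php
// Added illustration of the "unchecked verification error" pattern behind a
// 2FA bypass. Not the plugin's code; all names below are hypothetical.

// Minimal stand-ins for WordPress primitives so this runs with plain `php`.
class WP_Error
{
    public function __construct(public string $code, public string $message) {}
}
function is_wp_error(mixed $thing): bool
{
    return $thing instanceof WP_Error;
}
function get_userdata(int $id): ?object
{
    // Constructed user table: a single administrator account.
    $users = [1 => (object) ['ID' => 1, 'user_login' => 'admin']];
    return $users[$id] ?? null;
}

// Verifies the one-time 2FA token issued to $user_id after the password step.
// Follows the common WordPress convention: user object on success, WP_Error on failure.
function verify_2fa_login(int $user_id, string $token): object
{
    $issued = [1 => 'correct-token']; // constructed: token the server handed out
    if (!isset($issued[$user_id]) || !hash_equals($issued[$user_id], $token)) {
        return new WP_Error('invalid_token', 'Login verification failed');
    }
    return get_userdata($user_id) ?? new WP_Error('no_user', 'Unknown user');
}

// VULNERABLE pattern: the verifier's result is discarded, and the caller
// continues with the attacker-controlled user_id from the request. In real
// code the last line would be wp_set_auth_cookie($user_id).
function finish_login_vulnerable(array $request): string
{
    $user_id = (int) $request['user_id'];
    verify_2fa_login($user_id, $request['token']); // return value ignored
    return 'authenticated as user ' . $user_id;
}

// FIXED pattern: fail closed on WP_Error and trust only the identity the
// verifier itself returned, never the ID that came in with the request.
function finish_login_fixed(array $request): string
{
    $user = verify_2fa_login((int) $request['user_id'], $request['token']);
    if (is_wp_error($user)) {
        return 'rejected: ' . $user->message;
    }
    return 'authenticated as user ' . $user->ID;
}

// Constructed attacker request: knows the admin's user ID, not the token.
$attacker = ['user_id' => 1, 'token' => 'wrong'];
echo finish_login_vulnerable($attacker), PHP_EOL; // authenticated as user 1
echo finish_login_fixed($attacker), PHP_EOL;      // rejected: Login verification failed
```

The practitioner's takeaway is the check in finish_login_fixed: any helper that can return WP_Error must have its result tested with is_wp_error() before the code path that sets an auth cookie, and the account being logged in must come from the verifier's output rather than from request parameters.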