WordPress Panic: Really Simple Security Bug Puts 4 Million Sites at Risk!
WordPress sites beware! The Really Simple Security plugin has a critical vulnerability that puts roughly four million installations at risk of takeover. An authentication bypass (CVE-2024-10924) lets an unauthenticated attacker log in as any existing user, including administrators, on sites where the plugin's two-factor authentication feature is turned on. Patch to version 9.1.2 ASAP, unless you enjoy unexpected guests in your site’s backend.

Hot Take:
Looks like the “Really Simple” in Really Simple Security just became “Really Simple to Hack.” With a CVSS score of 9.8, this vulnerability is about as dangerous as leaving your front door open with a “Please Don’t Rob Me” sign. Get those updates rolling, WordPress warriors, before your blog turns into a hacker’s playground.
Key Points:
- A critical vulnerability in the Really Simple Security plugin for WordPress (formerly Really Simple SSL), installed on roughly four million websites, could allow attackers to take over affected sites.
- The flaw, CVE-2024-10924, is an authentication bypass rated CVSS 9.8 (critical): an unauthenticated attacker can log in as any existing user, including an administrator, by supplying that user's ID.
- The root cause is improper error handling around the user check in the plugin’s two-factor REST API actions (the check_login_and_get_user() function): when the check fails and returns an error, the action does not stop, and the login proceeds for the requested user ID anyway.
- The bug is only exploitable when the plugin's two-factor authentication setting is enabled; it is off by default, but sites that turned it on are fully exposed. Affected versions are 9.0.0 through 9.1.1.1.
- The fix shipped as version 9.1.2, released November 12 for the Pro editions and November 14 for the free edition; WordPress.org also pushed it out as a forced automatic update.
- Site administrators should confirm the installed plugin reports version 9.1.2 or later rather than trusting the automatic update, since sites with automatic updates disabled or with update problems may not have received it. Sites that ran a vulnerable version with two-factor authentication enabled should also review administrator accounts and recent logins for signs of unauthorized access.
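The bug class behind this advisory is a REST callback that ignores an error return from its user check and logs the caller in anyway. The following PHP is an added illustration written for this page, not the plugin's own code: the helper name example_check_login_and_get_user(), the route example-2fa/v1/finish-login, the user-meta key and the callback names are all hypothetical, and the vulnerable callback is deliberately broken to show the pattern the advisory describes beside a version that fails closed.

```php
<?php
// Added illustration, not the Really Simple Security plugin's code.
// All function, route and meta-key names here are hypothetical.

// Helper: validates the request and returns a WP_User on success or a
// WP_Error on failure. Callers must check the return type.
function example_check_login_and_get_user( int $user_id, string $login_nonce ) {
    $user = get_user_by( 'id', $user_id );
    if ( ! $user ) {
        return new WP_Error( 'user_not_found', 'No such user.' );
    }
    // Hypothetical per-user login nonce stored when the password step passed.
    $stored = get_user_meta( $user_id, 'example_login_nonce', true );
    if ( empty( $stored ) || ! hash_equals( (string) $stored, $login_nonce ) ) {
        return new WP_Error( 'invalid_nonce', 'Login nonce is invalid.' );
    }
    return $user;
}

// VULNERABLE pattern (kept broken on purpose): the WP_Error return is never
// inspected, so execution falls through and authenticates whatever user_id
// the unauthenticated request named. This is the shape of the bug, not a
// copy of the plugin's code.
function example_vulnerable_callback( WP_REST_Request $request ) {
    $user_id = (int) $request->get_param( 'user_id' );
    $nonce   = (string) $request->get_param( 'login_nonce' );

    $user = example_check_login_and_get_user( $user_id, $nonce ); // may be WP_Error
    // Missing: if ( is_wp_error( $user ) ) { return $user; }
    wp_set_current_user( $user_id );
    wp_set_auth_cookie( $user_id );   // attacker is now logged in as $user_id
    return rest_ensure_response( array( 'status' => 'success' ) );
}

// HARDENED pattern: fail closed on any error before touching auth state, and
// take the ID from the validated user object, never from raw request input.
function example_hardened_callback( WP_REST_Request $request ) {
    $user_id = (int) $request->get_param( 'user_id' );
    $nonce   = (string) $request->get_param( 'login_nonce' );

    $user = example_check_login_and_get_user( $user_id, $nonce );
    if ( is_wp_error( $user ) ) {
        // Generic message: do not leak whether the user ID exists.
        return new WP_Error( 'rest_forbidden', 'Authentication failed.', array( 'status' => 403 ) );
    }
    // One-time use: clear the nonce so a captured value cannot be replayed.
    delete_user_meta( $user->ID, 'example_login_nonce' );
    wp_set_current_user( $user->ID );
    wp_set_auth_cookie( $user->ID );
    return rest_ensure_response( array( 'status' => 'success' ) );
}

add_action( 'rest_api_init', function () {
    // Hypothetical namespace and route. The endpoint must be reachable before
    // login, so permission_callback is open and authentication is enforced
    // inside the callback, which is exactly why the error check above matters.
    register_rest_route( 'example-2fa/v1', '/finish-login', array(
        'methods'             => 'POST',
        'callback'            => 'example_hardened_callback',
        'permission_callback' => '__return_true',
        'args'                => array(
            'user_id'     => array( 'required' => true, 'type' => 'integer' ),
            'login_nonce' => array( 'required' => true, 'type' => 'string' ),
        ),
    ) );
} );
```

The check a reviewer should look for in any pre-login REST callback is that every value that can be a WP_Error is tested with is_wp_error() before wp_set_current_user() or wp_set_auth_cookie() runs; a permission_callback of __return_true is legitimate for such endpoints only if the callback itself refuses to proceed on any failed check.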
