WordPress Security Alert: Major Flaw in Popular Plug-in Risks Admin Takeover!
The Really Simple Security plug-in for WordPress, installed on over 4 million sites, has a critical flaw enabling full administrative takeover. Wordfence researchers identified this vulnerability in the two-factor authentication feature, urging immediate updates. The flaw’s widespread impact makes it a prime target for automated attacks on WordPress plug-ins worldwide.

Hot Take:
When a “really simple” plug-in becomes a really big problem, it’s time to take WordPress security more seriously. Who knew that adding a little two-factor authentication could accidentally open the door wide for cyber goons? WordPress site owners, consider this your wake-up call to patch up before it’s game over!
Key Points:
- A critical vulnerability in the Really Simple Security WordPress plug-in exposes sites to admin takeover.
- The flaw affects versions 9.0.0 to 9.1.1.1 and scores a CVSS rating of 9.8.
- The vulnerability allows remote access to any account, including admin, if 2FA is enabled.
- Wordfence and Really Simple Security issued a patch on November 12, force-updating sites two days later.
- WordPress users are advised to ensure their plug-in is updated to the patched version.
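To turn the version range above into a concrete check, here is an added Python script (not code from the article or from the plug-in's authors) that reads the `Version:` field from a plug-in's main file header and reports whether it falls inside the affected 9.0.0 to 9.1.1.1 range; the sample header and file path are constructed for illustration.

```python
import re
from pathlib import Path
from typing import Optional, Tuple

# Affected range as stated in the alert (inclusive on both ends).
AFFECTED_MIN = "9.0.0"
AFFECTED_MAX = "9.1.1.1"


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '9.1.1.1' into (9, 1, 1, 1), padding to four parts so 9.1.1 sorts below 9.1.1.1."""
    parts = [int(p) for p in re.findall(r"\d+", v)]
    return tuple(parts + [0] * (4 - len(parts)))


def is_affected(version: str) -> bool:
    """True when the installed version lies within the vulnerable range."""
    v = parse_version(version)
    return parse_version(AFFECTED_MIN) <= v <= parse_version(AFFECTED_MAX)


def header_version(plugin_main_file_text: str) -> Optional[str]:
    """Extract the 'Version:' field from a WordPress plug-in header comment."""
    m = re.search(r"^\s*\*?\s*Version:\s*([\w.\-]+)", plugin_main_file_text, re.MULTILINE)
    return m.group(1) if m else None


def check_plugin_file(path: Path) -> Tuple[Optional[str], bool]:
    """Return (version, affected) for the plug-in whose main file is at `path`."""
    text = path.read_text(encoding="utf-8", errors="replace")
    v = header_version(text)
    return v, (v is not None and is_affected(v))


# Constructed sample header for a self-contained run; not copied from the real plug-in.
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: Really Simple Security (sample header)
 * Version: 9.1.1
 */
"""

if __name__ == "__main__":
    # Hypothetical install path; adjust to the plug-in's real main file on your site.
    target = Path("/var/www/html/wp-content/plugins/really-simple-ssl/rlrsssl-really-simple-ssl.php")
    if target.exists():
        version, affected = check_plugin_file(target)
        print(f"installed {version}: {'AFFECTED, update now' if affected else 'outside affected range'}")
    else:
        print(f"sample header version {header_version(SAMPLE_HEADER)}: affected={is_affected(header_version(SAMPLE_HEADER))}")
```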