CVE-2024-10924 Really Simple Security (Free, Pro, and Pro Multisite) 9.0.0 - 9.1.1.1 - Authentication Bypass

🗓️ 15 Nov 2024 03:18:45Reported by WordfenceType

WordPress Really Simple Security plugins 9.0.0 - 9.1.1.1 Authentication Bypass

Reporter	Title	Published	Views	Family All 50
GithubExploit	Exploit for Missing Authentication for Critical Function in Really-Simple-Plugins Really_Simple_Security	25 Jun 202518:50	–	githubexploit
GithubExploit	Exploit for Missing Authentication for Critical Function in Really-Simple-Plugins Really_Simple_Security	23 Feb 202508:47	–	githubexploit
GithubExploit	Exploit for Missing Authentication for Critical Function in Really-Simple-Plugins Really_Simple_Security	14 Nov 202416:59	–	githubexploit
GithubExploit	Exploit for Use of Hard-coded Credentials in Mariazevedo88 Travels-Java-Api	27 Nov 202411:19	–	githubexploit
GithubExploit	Exploit for Missing Authentication for Critical Function in Really-Simple-Plugins Really_Simple_Security	11 Mar 202514:06	–	githubexploit
GithubExploit	Exploit for Missing Authentication for Critical Function in Really-Simple-Plugins Really_Simple_Security	18 Nov 202420:37	–	githubexploit
GithubExploit	Exploit for Missing Authentication for Critical Function in Really-Simple-Plugins Really_Simple_Security	22 Jan 202620:01	–	githubexploit
GithubExploit	Exploit for Missing Authentication for Critical Function in Really-Simple-Plugins Really_Simple_Security	3 Dec 202413:09	–	githubexploit
GithubExploit	Exploit for Missing Authentication for Critical Function in Really-Simple-Plugins Really_Simple_Security	5 Feb 202512:04	–	githubexploit
GithubExploit	Exploit for Missing Authentication for Critical Function in Really-Simple-Plugins Really_Simple_Security	14 Feb 202513:42	–	githubexploit

[
  {
    "vendor": "Really Simple Plugins",
    "product": "Really Simple Security Pro multisite",
    "versions": [
      {
        "version": "9.0.0",
        "status": "affected",
        "lessThanOrEqual": "9.1.1.1",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "rogierlankhorst",
    "product": "Really Simple Security – Simple and Performant Security (formerly Really Simple SSL)",
    "versions": [
      {
        "version": "9.0.0",
        "status": "affected",
        "lessThanOrEqual": "9.1.1.1",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Really Simple Plugins",
    "product": "Really Simple Security Pro",
    "versions": [
      {
        "version": "9.0.0",
        "status": "affected",
        "lessThanOrEqual": "9.1.1.1",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/7d5d05ad-1a7a-43d2-bbbf-597e975446be
plugins	www.plugins.trac.wordpress.org/browser/really-simple-ssl/tags/9.1.1.1/security/wordpress/two-fa/class-rsssl-two-factor-on-board-api.php
plugins	www.plugins.trac.wordpress.org/browser/really-simple-ssl/tags/9.1.1.1/security/wordpress/two-fa/class-rsssl-two-factor-on-board-api.php
wordfence	www.wordfence.com/blog/2024/11/really-simple-security-vulnerability/
plugins	www.plugins.trac.wordpress.org/browser/really-simple-ssl/tags/9.1.1.1/security/wordpress/two-fa/class-rsssl-two-factor-on-board-api.php
plugins	www.plugins.trac.wordpress.org/changeset/3188431/really-simple-ssl

19 Nov 2024 13:37Current

CVSS 3.19.8

EPSS0.81722

CWE-288