CVE-2026-8293
The Really Simple Security WordPress plugin before 9.5.10.1 does not enforce the second-factor challenge in two of its two-factor authentication REST endpoints, allowing an attacker who knows a user's password to obtain a WordPress authentication session for that user without completing the email...
CVE-2026-8293
CVE-2026-8293 affects the WordPress plugin Really Simple Security (before 9.5.10.1). The issue: two-factor authentication REST endpoints do not enforce the second-factor challenge, allowing an attacker who knows a user’s password to obtain a WordPress authentication session without completing the...
CVE-2026-8293 Really Simple Security < 9.5.10.1 - Authentication Bypass via Two-Factor OTP Skip
The Really Simple Security WordPress plugin before 9.5.10.1 does not enforce the second-factor challenge in two of its two-factor authentication REST endpoints, allowing an attacker who knows a user's password to obtain a WordPress authentication session for that user without completing the email...
CVE-2026-27397
Authorization Bypass Through User-Controlled Key vulnerability in Really Simple Plugins B.V. Really Simple Security Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Really Simple Security Pro: from n/a through 9.5.4.0...
EUVD-2026-13055
Authorization Bypass Through User-Controlled Key vulnerability in Really Simple Plugins B.V. Really Simple Security Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Really Simple Security Pro: from n/a through 9.5.4.0...
CVE-2026-27397 WordPress Really Simple Security Pro plugin <= 9.5.4.0 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in Really Simple Plugins B.V. Really Simple Security Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Really Simple Security Pro: from n/a through 9.5.4.0...
CVE-2026-27397
CVE-2026-27397 corresponds to an IDOR/authorization bypass in the WordPress plugin Really Simple Security Pro (Really Simple Plugins B.V.). The issue arises from incorrectly configured access control levels, allowing unauthorized access via a user-controlled key. Affected range includes Really Si...
Exploit for Authentication Bypass Using an Alternate Path or Channel in Really-Simple-Plugins Really_Simple_Security
CVE-2024-10924 — WordPress Auth Bypass Toolkit Really Sim...
WordPress Really Simple Security Pro plugin <= 9.5.4.0 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References (IDOR) vulnerability discovered by dcodx in WordPress Plugin Really Simple Security Pro versions <= 9.5.4.0...
CVE-2025-24623
Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Plugins Really Simple SSL really-simple-ssl allows Cross Site Request Forgery. This issue affects Really Simple SSL: from n/a through <= 9.1.4...
Really Simple Security 9.1.1.1 - Authentication Bypass
!/usr/bin/env python3 Exploit Title: Really Simple Security 9.1.1.1 - Authentication Bypass Date: 2024-11-19 Exploit Author: Antonio Francesco Sardella Vendor Homepage: https://really-simple-ssl.com/ Software Link: https://really-simple-ssl.com/ Version: Really Simple Security Free, Pro, and Pro...
Exploit for Missing Authentication for Critical Function in Really-Simple-Plugins Really_Simple_Security
🚀 WordPress Really Simple Security Plugin Vulnerability CVE-2...
CVE-2024-10924
The Really Simple Security Free, Pro, and Pro Multisite plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. This is due to improper user check error handling in the two-factor REST API actions with the 'check_login_and_get_user' function. This makes it possible...
Exploit for Missing Authentication for Critical Function in Really-Simple-Plugins Really_Simple_Security
CVE-2024-10924-Exploit Really Simple Security Free, Pro, and...
CVE-2025-24623 WordPress Really Simple Security plugin <= 9.1.4 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Plugins Really Simple SSL really-simple-ssl allows Cross Site Request Forgery. This issue affects Really Simple SSL: from n/a through <= 9.1.4...
CVE-2025-24623
CVE-2025-24623 is a CSRF vulnerability in the WordPress plugin Really Simple Security (formerly Really Simple SSL) affecting versions n/a through 9.1.4. The CVSSv3.1 base score is 4.3 (Medium) with network attack vector, required user interaction, and no confidentiality/availability impact, and p...
Exploit for Missing Authentication for Critical Function in Really-Simple-Plugins Really_Simple_Security
PoC Authentication Bypass MFA Really Simple Security WordPress...
WordPress Plugin 'Really Simple Security' 9.0.0 < 9.1.2 Authentication Bypass
The WordPress application running on the remote host has a version of the 'Really Simple Security' plugin that is 9.0.x prior to 9.1.2. It is, therefore, affected by an authentication bypass vulnerability. This is due to improper user check error handling in the two-factor REST API actions with t...
WordPress Plugin 'Really Simple Security Pro' 9.0.0 < 9.1.2 Authentication Bypass
The WordPress application running on the remote host has a version of the 'Really Simple Security Pro' plugin that is 9.0.x prior to 9.1.2. It is, therefore, affected by an authentication bypass vulnerability. This is due to improper user check error handling in the two-factor REST API actions wi...