7 matches found
CVE-2026-27397 WordPress Really Simple Security Pro plugin <= 9.5.4.0 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in Really Simple Plugins B.V. Really Simple Security Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Really Simple Security Pro: from n/a through 9.5.4.0...
CVE-2026-27397
CVE-2026-27397 corresponds to an IDOR/authorization bypass in the WordPress plugin Really Simple Security Pro (Really Simple Plugins B.V.). The issue arises from incorrectly configured access control levels, allowing unauthorized access via a user-controlled key. Affected range includes Really Si...
WordPress Plugin 'Really Simple Security Pro' 9.0.0 < 9.1.2 Authentication Bypass
The WordPress application running on the remote host has a version of the 'Really Simple Security Pro' plugin that is 9.0.x prior to 9.1.2. It is, therefore, affected by an authentication bypass vulnerability. This is due to improper user check error handling in the two-factor REST API actions wi...
WordPress Plugin 'Really Simple Security Pro Multisite' 9.0.0 < 9.1.2 Authentication Bypass
The WordPress application running on the remote host has a version of the 'Really Simple Security Pro Multisite' plugin that is 9.0.x prior to 9.1.2. It is, therefore, affected by an authentication bypass vulnerability. This is due to improper user check error handling in the two-factor REST API...
WordPress Really Simple Security Pro Plugin 9.0.x < 9.1.2 Authentication Bypass Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:reallysimplesecurity:reallysimplesecuritypro"; if descriptio...
WordPress Really Simple Security Pro multisite Plugin 9.0.0-9.1.1.1 - Account Takeover vulnerability
Account Takeover vulnerability discovered by István Márton in WordPress Plugin Really Simple Security Pro multisite versions 9.0.0-9.1.1.1...
WordPress Really Simple Security Pro multisite Plugin 9.0.0-9.1.1.1 is vulnerable to Broken Authentication
Software: Really Simple Security Pro multisite; Type: Plugin; Vulnerable versions: 9.0.0-9.1.1.1; Fixed in: 9.1.2; OWASP Top 10: A1: Broken Access Control; Classification: Broken Authentication; CVE: CVE-2024-10924; Patch priority: High; CVSS severity: High (9.8); PSID: 976349dfad8d; Credits...