Really Simple Security Plugin Flaw Risks 4M+ WordPress Sites

Attention WordPress administrators! A critical security flaw has been discovered in the Really Simple Security WordPress plugin. This vulnerability could allow unauthorized access to the administrative functions of your website. It is imperative that all users update the plugin to the latest version to mitigate the risk.

Urgent: Security Vulnerability in Really Simple Security Plugin

According to a recent report by Wordfence, a significant security vulnerability has been identified in the Really Simple Security plugin, putting millions of websites at risk worldwide. The vulnerability, tracked as CVE-2024-10924, affects plugin versions 9.0.0 through 9.1.1.1 and stems from a flaw in how user authentication errors are handled in the plugin's two-factor REST API actions.

This vulnerability has been assigned a critical severity rating with a CVSS score of 9.8. If exploited, an attacker could bypass authentication and gain unauthorized access to the website, particularly if two-factor authentication is enabled.

Immediate Patch Deployment

Upon discovery of the vulnerability, Wordfence promptly notified the plugin developers, who swiftly released a patch in version 9.1.2. Given the widespread use of this plugin (over 4 million active installations), it is crucial for all users to update their websites immediately to prevent any potential security breaches. The WordPress plugins team has also taken steps to automatically patch vulnerable websites.

However, it is recommended that all WordPress administrators manually check for the latest plugin updates as an added precaution.
