Critical Plugin Flaw Exposed 4 Million WordPress Websites to Takeover
A critical-severity vulnerability in the Really Simple Security plugin for WordPress potentially exposed four million websites to complete takeover, WordPress security firm Defiant warns.
Tracked as CVE-2024-10924 (CVSS score of 9.8), the issue is described as an authentication bypass that allows an unauthenticated attacker to log in as any user, including an administrator.
According to Defiant, the security defect exists because of an improper user check error handling in the plugin’s two-factor REST API action. Specifically, the bug is triggered if two-factor authentication (2FA) is enabled.
See more: https://www.securityweek.com/critical-plugin-flaw-exposed-4-million-wordpress-websites-to-takeover/
#cybersecurity #wordpress
Oddbean new post about login | logout