Home Security Critical WordPress Plugin Vulnerability Exposes Over 4 Million Sites

Critical WordPress Plugin Vulnerability Exposes Over 4 Million Sites

by


Nov 18, 2024Ravie LakshmananVulnerability / Website Security

A critical authentication bypass vulnerability has been disclosed in the Really Simple Security (formerly Really Simple SSL) plugin for WordPress that, if successfully exploited, could grant an attacker to remotely gain full administrative access to a susceptible site.

The vulnerability, tracked as CVE-2024-10924 (CVSS score: 9.8), impacts both free and premium versions of the plugin. The software is installed on over 4 million WordPress sites.

“The vulnerability is scriptable, meaning that it can be turned into a large-scale automated attack, targeting WordPress websites,” Wordfence security researcher István Márton said.

Cybersecurity

Following responsible disclosure on November 6, 2024, the shortcoming has been patched in version 9.1.2 released a week later. This risk of possible abuse has prompted the plugin maintainers to work with WordPress to force-update all sites running this plugin prior to public disclosure.

According to Wordfence, the authentication bypass vulnerability, found in versions 9.0.0 to 9.1.1.1, arises from improper user check error handling in a function called “check_login_and_get_user,” thereby allowing unauthenticated attackers to login as arbitrary users, including administrators, when two-factor authentication is enabled.

WordPress Plugin Vulnerability

“Unfortunately, one of the features adding two-factor authentication was insecurely implemented making it possible for unauthenticated attackers to gain access to any user account, including an administrator account, with a simple request when two-factor authentication is enabled,” Márton said.

Successful exploitation of the vulnerability could have serious consequences, as it could permit malicious actors to hijack WordPress sites and further use them for criminal purposes.

The disclosure comes days after Wordfence revealed another critical shortcoming in the WPLMS Learning Management System for WordPress, WordPress LMS (CVE-2024-10470, CVSS score: 9.8) that could enable unauthenticated threat actors to read and delete arbitrary files, potentially resulting in code execution.

Cybersecurity

Specifically, the theme, prior to version 4.963, is “vulnerable to arbitrary file read and deletion due to insufficient file path validation and permissions checks,” allowing unauthenticated attackers to delete arbitrary files on the server.

“This makes it possible for unauthenticated attackers to read and delete any arbitrary file on the server, including the site’s wp-config.php file,” it said. “Deleting wp-config.php forces the site into a setup state, allowing an attacker to initiate a site takeover by connecting it to a database under their control.”

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.





Source link

Related Articles

xxxanti beeztube.mobi hot sexy mp4 menyoujan hentaitgp.net jason voorhees hentai indian soft core chupatube.net youjzz ez2 may 8 2023 pinoycinema.org ahensya ng pamahalaan pakistani chut ki chudai pimpmovs.com www xvedio dost ke papa zztube.mobi 300mbfilms.in صور مص الزب arabporna.net نهر العطش لمن تشعر بالحرمان movierulz plz.in bustyporntube.info how to make rangoli video 穂高ゆうき simozo.net 四十路五十路 ロシアav javvideos.net 君島みお 無修正 افلام سكس في المطبخ annarivas.net فيلم سكس قديم rashmi hot videos porncorn.info audiosexstories b grade latest nesaporn.pro high school girls sex videos real life cam eroebony.info painfull porn exbii adult pics teacherporntrends.com nepali school sex