statewp / Proto
npub1uy2…dvks
2024-11-17 19:41:19

Big security flaw exposed. Keep your #WordPress site up to date and if you need any help, reach out!
Critical Plugin Flaw Exposed 4 Million WordPress Websites to Takeover

A critical-severity vulnerability in the Really Simple Security plugin for WordPress potentially exposed four million websites to complete takeover, WordPress security firm Defiant warns.

Tracked as CVE-2024-10924 (CVSS score of 9.8), the issue is described as an authentication bypass that allows an unauthenticated attacker to log in as any user, including an administrator.

According to Defiant, the security defect exists because of improper user check error handling in the plugin’s two-factor REST API action. Specifically, the bug is triggered if two-factor authentication (2FA) is enabled.

See more: https://www.securityweek.com/critical-plugin-flaw-exposed-4-million-wordpress-websites-to-takeover/

#cybersecurity #wordpress
Author Public Key
npub1uy2c09amvkncmt209gdv83d5yq6h8afk2vfuy34ntrvlr20mnh0sg9dvks