zCat
npub1zm7…pnd6
2024-11-16 13:52:53

Critical Plugin Flaw Exposed 4 Million WordPress Websites to Takeover

A critical-severity vulnerability in the Really Simple Security plugin for WordPress potentially exposed four million websites to complete takeover, WordPress security firm Defiant warns.

Tracked as CVE-2024-10924 (CVSS score of 9.8), the issue is described as an authentication bypass that allows an unauthenticated attacker to log in as any user, including an administrator.

According to Defiant, the security defect exists because of improper handling of user check errors in the plugin’s two-factor REST API action. Specifically, the bug is triggered if two-factor authentication (2FA) is enabled.

See more: https://www.securityweek.com/critical-plugin-flaw-exposed-4-million-wordpress-websites-to-takeover/

#cybersecurity #wordpress
Author Public Key
npub1zm7jduqq2nmxz5wxh4ujtm00g9vxzqa0r82yt7flvm67yje5gfaqa5pnd6