Authentication vulnerability in Really Simple Security Pro multisite 9.1.1.1

The Really Simple Security plugins for WordPress contain an authentication bypass. Without a username or password, an attacker can log in as any user on the website, including administrators. The vulnerability is present in versions 9.0.0 to 9.1.1.1 and is caused by an error in the ‘check_login_and_get_user’ function of the two-factor authentication feature. This feature is usually turned off, but when it is enabled, the site is exposed to this bypass.

Detected in:

Really Simple Security Pro fixed vulnerable versions: >= 9.0.0 <= 9.1.1.1
Really Simple Security Pro multisite fixed vulnerable versions: >= 9.0.0 <= 9.1.1.1

This information is sourced from www.wpvulnerability.com, an open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
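
To check an installed plugin version against a range written in this notation, the comparison has to be numeric per component, not a string comparison. The following is an added example, not code from the plugin or from wpvulnerability.com; the function names are hypothetical and the sample versions are constructed.

```python
import re

# One comparison term of the page's range notation, e.g. ">= 9.0.0".
_TERM = re.compile(r"(>=|<=|>|<|=)\s*([0-9]+(?:\.[0-9]+)*)")
# Maps each operator to a test on the three-way comparison result.
_CHECKS = {">=": lambda c: c >= 0, "<=": lambda c: c <= 0,
           ">": lambda c: c > 0, "<": lambda c: c < 0, "=": lambda c: c == 0}


def parse_version(text):
    """Turn '9.1.1.1' into (9, 1, 1, 1); reject anything non-numeric."""
    if not re.fullmatch(r"[0-9]+(?:\.[0-9]+)*", text.strip()):
        raise ValueError(f"unsupported version string: {text!r}")
    return tuple(int(part) for part in text.strip().split("."))


def compare(a, b):
    """Three-way compare; the shorter tuple is zero-padded (9.1 == 9.1.0)."""
    width = max(len(a), len(b))
    a, b = a + (0,) * (width - len(a)), b + (0,) * (width - len(b))
    return (a > b) - (a < b)


def parse_range(expr):
    """Split '>= 9.0.0 <= 9.1.1.1' into [('>=', (9, 0, 0)), ('<=', (9, 1, 1, 1))]."""
    terms = [(op, parse_version(ver)) for op, ver in _TERM.findall(expr)]
    if not terms or _TERM.sub("", expr).strip():
        raise ValueError(f"cannot parse range: {expr!r}")
    return terms


def is_affected(installed, expr):
    """True when the installed version satisfies every term of the range."""
    version = parse_version(installed)
    return all(_CHECKS[op](compare(version, bound))
               for op, bound in parse_range(expr))


if __name__ == "__main__":
    # Constructed sample versions, not a list of real releases.
    for v in ["8.9.9", "9.0.0", "9.1", "9.1.1.1", "9.1.1.2", "9.10.0"]:
        print(v, is_affected(v, ">= 9.0.0 <= 9.1.1.1"))
    # Numeric comparison matters: as plain strings "2.2.10" sorts before "2.2.8".
    print("2.2.10", is_affected("2.2.10", ">= 2.2.8 <= 2.2.21"))
```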
