Security plugin flaw in millions of WordPress sites gives admin access

November 17, 2024 at 11:37AM

A critical vulnerability (CVE-2024-10924) in the ‘Really Simple Security’ WordPress plugin lets attackers bypass authentication because the plugin mishandles user authentication in its two-factor login flow. Wordfence warns that it enables mass exploitation and is urging forced updates. The flaw affects versions 9.0.0 to 9.1.1.1; the fix shipped in version 9.1.2. Users should confirm they are on the fixed version and update manually if the forced update did not reach them.

### Key Takeaways from Meeting Notes

1. **Vulnerability Announcement**:
– A critical authentication bypass vulnerability has been identified in the WordPress plugin ‘Really Simple Security’ (formerly ‘Really Simple SSL’), affecting both the free and Pro versions.

2. **Security Impact**:
– The vulnerability, classified as CVE-2024-10924, allows remote attackers to gain full administrative access to affected sites and can be exploited automatically, posing a risk of large-scale website takeovers.

3. **Research Findings**:
– Discovered by István Márton of Wordfence on November 6, 2024, the flaw is due to improper handling of user authentication in the plugin’s two-factor authentication (2FA) mechanisms.

4. **Exploitation Details**:
– The issue stems from the ‘check_login_and_get_user()’ function, which does not reject a request when its ‘login_nonce’ parameter fails verification; as a result, a request carrying a valid ‘user_id’ is still authenticated as that user even though the nonce is invalid.

5. **Versions Affected**:
– The vulnerability affects plugin versions from 9.0.0 to 9.1.1.1 across the free, Pro, and Pro Multisite releases.
– As of the latest stats, approximately 3.5 million sites remain potentially exposed, with only around 450,000 having been updated to the latest version.

6. **Mitigation Measures**:
– The developer has released a fix in version 9.1.2, which correctly handles a failed ‘login_nonce’ verification by rejecting the login attempt.
– WordPress.org has coordinated forced security updates for users, but website administrators must confirm they are running version 9.1.2.
– Users with expired Pro licenses must manually update as auto-updates are disabled.

7. **Recommendations**:
– Wordfence suggests that hosting providers force updates for affected plugins and run scans to confirm no vulnerable versions remain.
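The bug class described in item 4 (a nonce check whose failure is not acted on, so a valid ‘user_id’ alone is enough to be logged in) is easiest to see as a fail-open versus fail-closed login step. The PHP below is an added illustration written for this summary, not the plugin's source or Wordfence's proof of concept; the functions, the in-memory user and nonce stores, and the sample values are all constructed stand-ins for the real WordPress and plugin code.

```php
<?php
declare(strict_types=1);

// Constructed sample data: one user and the login nonce issued for that user.
// (In the real plugin these come from the WordPress user table and a
// nonce tied to the 2FA session; the arrays here are hypothetical.)
const USERS  = [42 => 'site-admin'];
const NONCES = [42 => 'nonce-issued-for-user-42'];

function lookup_user(int $user_id): ?string {
    return USERS[$user_id] ?? null;
}

// True only when the supplied nonce matches the one issued for this user.
// hash_equals() avoids a timing side channel on the comparison.
function verify_login_nonce(int $user_id, string $nonce): bool {
    return isset(NONCES[$user_id]) && hash_equals(NONCES[$user_id], $nonce);
}

// VULNERABLE pattern (fail-open): the nonce is checked, but a failed check
// does not stop the function from returning the user. Any caller that then
// sets the auth cookie has just logged in whoever the user_id names.
function check_login_and_get_user_vulnerable(int $user_id, string $nonce): ?string {
    $user = lookup_user($user_id);
    if ($user === null) {
        return null;
    }
    $nonce_ok = verify_login_nonce($user_id, $nonce); // result is never used
    return $user;
}

// FIXED pattern (fail-closed): a user is returned only when the id resolves
// AND the nonce verifies; any failure ends the login attempt.
function check_login_and_get_user_fixed(int $user_id, string $nonce): ?string {
    $user = lookup_user($user_id);
    if ($user === null || !verify_login_nonce($user_id, $nonce)) {
        return null;
    }
    return $user;
}

// Same input to both: a real user id with a nonce that does not verify.
// The vulnerable version hands back the user; the fixed version returns null.
var_dump(check_login_and_get_user_vulnerable(42, 'not-the-issued-nonce'));
var_dump(check_login_and_get_user_fixed(42, 'not-the-issued-nonce'));
```

The defensive rule the fix embodies is that every authentication check must be able to terminate the request; a verification whose result is computed but not enforced is equivalent to no verification at all.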

### Action Items:
– **For Website Administrators**:
  – Verify your current version of the Really Simple Security plugin and update to 9.1.2 if not already done.
  – Monitor for any further instructions from hosting providers regarding forced updates or additional security measures.

This summary encapsulates the critical points regarding the vulnerability in question and provides actionable insights for affected users.