Critical WordPress Plug-in Flaw Exposes 4M Sites to Takeover

November 18, 2024 at 03:41PM

A critical flaw in the Really Simple Security WordPress plug-in, affecting over 4 million sites, allows attackers to bypass authentication and gain administrative access. Rated 9.8 on the CVSS scale, the vulnerability has been patched in version 9.1.2. Users are urged to confirm updates to protect their sites.

### Meeting Takeaways:

1. **Critical Vulnerability Identified**: A severe authentication bypass flaw was discovered in the Really Simple Security (RSS) WordPress plug-in, affecting over 4 million websites. It is rated with a CVSS score of 9.8, classifying it as critical.

2. **Affected Versions**: The vulnerability impacts versions 9.0.0 to 9.1.1.1 of both the Really Simple Security Pro and Pro Multisite plug-ins.

3. **Potential Impact**: The flaw allows attackers to remotely access any user account, including administrator accounts, especially if the two-factor authentication (2FA) feature is enabled. This poses a risk for launching automated attacks across multiple sites.

4. **Nature of the Flaw**: The vulnerability stems from improper error handling in the two-factor REST API actions, which allows the authentication process to continue even when an invalid user nonce is detected.

5. **Response Actions**: Wordfence discovered the vulnerability on November 6 and collaborated with the Really Simple Security team. A patch (version 9.1.2) was released on November 12, and Really Simple Security then pushed a forced update to sites running the plug-in.

6. **License Consideration**: Administrators using the plug-in should confirm that their sites have been automatically updated to the patched version, as auto-updates may not function for sites without a valid license.

7. **Recommendation for Users**: Wordfence encourages site administrators to check their plug-ins for the vulnerability and to inform others who may be using the Really Simple Security plug-in to ensure all affected sites are updated promptly.

8. **Background on Plug-in**: The Really Simple Security plug-in was previously known as Really Simple SSL and has undergone updates to include additional security features like log-in protection and vulnerability detection, which inadvertently introduced the flaw.

9. **Encouragement to Spread Awareness**: Wordfence emphasizes the importance of sharing this advisory to ensure maximum patch coverage due to the critical nature of the security risk posed by the vulnerability.
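As an added illustration of the fail-open pattern described in item 4, the following Python model (constructed for this summary, not the plug-in's code) contrasts a 2FA completion handler that records an invalid-nonce error but keeps executing with one that stops at the first failed check. The user table, issued nonces and function names are all assumptions made for the demo.

```python
import hmac
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample state (assumption): nonces the server handed out with the
# 2FA form, and the accounts they belong to.
ISSUED_NONCES = {7: "a1b2c3d4"}
USERS = {7: {"login": "admin", "role": "administrator"}}


@dataclass
class Result:
    errors: List[str]
    session_user: Optional[int]  # which account got a session, if any


def verify_nonce(user_id: int, nonce: str) -> bool:
    """Constant-time comparison of the submitted nonce with the issued one."""
    expected = ISSUED_NONCES.get(user_id)
    return expected is not None and hmac.compare_digest(expected, nonce)


def complete_2fa_fail_open(user_id: int, nonce: str) -> Result:
    """Vulnerable pattern: the invalid-nonce error is collected but the
    request is not terminated, so control falls through to the login step."""
    errors: List[str] = []
    if not verify_nonce(user_id, nonce):
        errors.append("invalid nonce")
        # BUG: no early return here; processing continues as if the check passed
    if user_id not in USERS:
        return Result(errors + ["unknown user"], None)
    return Result(errors, user_id)  # session created despite recorded errors


def complete_2fa_fail_closed(user_id: int, nonce: str) -> Result:
    """Hardened pattern: every verification failure ends the request with
    no session, so an error can never be 'logged and ignored'."""
    if user_id not in USERS:
        return Result(["unknown user"], None)
    if not verify_nonce(user_id, nonce):
        return Result(["invalid nonce"], None)
    return Result([], user_id)


if __name__ == "__main__":
    print(complete_2fa_fail_open(7, "bogus"))    # session_user=7 despite error
    print(complete_2fa_fail_closed(7, "bogus"))  # session_user=None
```

Reviewing authentication handlers for this shape, an error appended to a list or logged without an immediate return, is the code-review check this class of flaw calls for.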

### Action Items:
– Confirm patch updates for the Really Simple Security plug-in across all affected sites.
– Inform colleagues and users about the vulnerability and the importance of updating.
– Review security practices for WordPress plug-ins to prevent similar issues in the future.