#CVE202410924

Urgent: Critical WordPress Plugin Vulnerability Exposes Over 4 Million Sites

by

November 17, 2024 at 11:57PM A critical authentication bypass vulnerability (CVE-2024-10924) in the Really Simple Security plugin for WordPress could allow attackers to gain full admin access. Affecting over 4 million sites, the vulnerability has been patched in version 9.1.2 after responsible disclosure. Similar vulnerabilities were also found in WPLMS Learning Management System. ### Meeting … Read more

Security plugin flaw in millions of WordPress sites gives admin access

by

November 17, 2024 at 11:37AM A critical vulnerability (CVE-2024-10924) in the ‘Really Simple Security’ WordPress plugin allows unauthorized access due to improper user authentication handling. Wordfence warns it enables mass exploitation, urging forced updates. The flaw affects versions 9.0.0 to 9.1.1.1, with a fix released in version 9.1.2. Users must manually update to avoid risks. … Read more