Critical vulnerability in a popular WordPress security plugin: deep analysis


Really Simple Security is a WordPress plugin designed to harden WordPress websites against exploitation, enable two-factor authentication, detect vulnerabilities, and generate SSL certificates. One of the reasons it is advertised as lightweight is that it is modular software that lets users choose which security improvements to switch on, so that the processes for disabled functionality do not load and slow down the website.
"Really Simple Security (Free, Pro, and Pro Multisite) WordPress plugins are vulnerable to authentication bypass in versions from 9.0.0 to 9.1.1.1.1. This is due to improper processing, allowing unauthenticated attackers to log in as any existing user on the site, for example, as an administrator, when the "Two-Factor Authentication" setting is enabled (default)."
🚀 If you use the Really Simple Security plugin, it is recommended that you immediately update it to version 9.1.2 or above. The update contains a fix for this vulnerability. Although Wordfence has already blocked several attacks aimed at this vulnerability, it is important to keep up with security updates to protect your website from potential threats.
- 📌 An attacker can use the vulnerability to gain access to any registered user of the website, including the administrator, simply by knowing the username.
- 📌 This is known as an unauthenticated access vulnerability, one of the most serious types of flaws, since it is generally easier to exploit than an "authenticated" flaw, which requires the attacker to first obtain the username and password of a registered user.
- 📌 Wordfence has already blocked 310 attacks aimed at this vulnerability in the last 24 hours.
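To find installs that still sit inside the affected range, the plugin's header version can be compared against the range and fixed version given above. This is an added example, not code from Wordfence or the plugin's authors; the directory slug `really-simple-ssl*` is an assumption, and `main.php` and the sample headers are constructed placeholders.

```python
import re
import tempfile
from pathlib import Path

AFFECTED_MIN, FIXED = "9.0.0", "9.1.2"   # range and fix as stated on this page
PLUGIN_GLOB = "really-simple-ssl*"        # assumption: plugin directory slug(s)

def parse_version(text):
    """'9.1.1.1' -> (9, 1, 1, 1); trailing zeros dropped so '9.0' == '9.0.0'."""
    parts = [int(p) for p in text.strip().split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def is_affected(version):
    """True when AFFECTED_MIN <= version < FIXED, compared segment by segment."""
    return parse_version(AFFECTED_MIN) <= parse_version(version) < parse_version(FIXED)

def header_version(php_source):
    """Read the 'Version:' field of a WordPress plugin header comment."""
    m = re.search(r"^[ \t/*#@]*Version:\s*(\d+(?:\.\d+)*)", php_source, re.M | re.I)
    return m.group(1) if m else None

def audit(wp_roots):
    """Return [(plugin_dir, version, affected)] for every matching install."""
    findings = []
    for root in wp_roots:
        for plugin in sorted(Path(root).glob(f"wp-content/plugins/{PLUGIN_GLOB}")):
            for php in sorted(plugin.glob("*.php")):
                version = header_version(php.read_text(errors="replace")[:8192])
                if version:
                    findings.append((str(plugin), version, is_affected(version)))
                    break  # first file carrying a header is taken as the main file
    return findings

def demo():
    """Build two constructed installs in a temp dir and audit them."""
    with tempfile.TemporaryDirectory() as tmp:
        for site, ver in (("site-a", "9.1.1.1"), ("site-b", "9.1.2")):
            d = Path(tmp, site, "wp-content", "plugins", "really-simple-ssl")
            d.mkdir(parents=True)
            # constructed header; main.php is a placeholder file name
            (d / "main.php").write_text(f"<?php\n/**\n * Plugin Name: Example\n * Version: {ver}\n */\n")
        return [(Path(p).parts[-4], v, a) for p, v, a in audit([tmp + "/site-a", tmp + "/site-b"])]

if __name__ == "__main__":
    for site, version, affected in demo():
        print(site, version, "AFFECTED: update to 9.1.2+" if affected else "ok")
```

Pass `audit()` the document roots of your own sites; versions with more segments than the fixed release still compare as older than 9.1.2.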
FAQ
Which WordPress plugin was vulnerable?
Really Simple Security.
What should I do if I use this plugin?
Update the plugin to version 9.1.2 or above.
Why is this vulnerability serious?
It allows attackers to bypass authentication and gain access to any user account, including the administrator's.
This article was generated using AI based on the material cited below, then edited and manually checked by the author for accuracy and usefulness.
https://www.searchenginejournal.com/wordpress-security-plugin-vulnerability-endangers-4-million-sites/532701/