Critical flaw in 'Really Simple Security' Plugin exposes millions of WordPress sites!

Video description: Critical flaw in 'Really Simple Security' Plugin exposes millions of WordPress sites!

In this video, you will be diving into a critical security issue affecting the WordPress plugin 'Really Simple Security,' previously known as 'Really Simple SSL.' This vulnerability, identified as CVE-2024-10924, is a big deal because it allows remote attackers to gain full administrative access to your site.

So, what exactly happened? Wordfence discovered this flaw and called it one of the most severe they've seen in 12 years. The problem lies in the plugin's two-factor authentication (2FA) system. Specifically, there's a bug in the 'check_login_and_get_user()' function that lets attackers bypass authentication if 2FA is enabled.

This issue affects versions 9.0.0 to 9.1.1.1 of the plugin. The good news is that the developers have fixed it in version 9.1.2, released on November 12 for Pro users and November 14 for free users. WordPress.org has also pushed out forced security updates, but it's crucial for all site admins to check and ensure they're running the latest version. Pro users with expired licenses will need to update manually.
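To make that version check concrete, here is an added example (not from the video or the plugin's developers) that reads the `Version:` line from a plugin's main PHP file and compares it with the affected range given above. The file path is supplied by the admin on the command line, and the embedded header is a constructed sample.

```python
import re
import sys
from pathlib import Path

FIRST_AFFECTED = (9, 0, 0, 0)  # 9.0.0, from the text above
FIXED = (9, 1, 2, 0)           # 9.1.2, from the text above
HEADER_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\S+)", re.I | re.M)

# Constructed sample of a WordPress plugin file header (not the real plugin file).
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: Example plugin header (constructed)
 * Version: 9.1.1.1
 */
"""

def header_version(php_source):
    """Return the 'Version:' value from a plugin header, or None."""
    m = HEADER_RE.search(php_source[:8192])  # headers sit at the top of the file
    return m.group(1) if m else None

def classify(version_text):
    """Map a version string to 'vulnerable', 'patched', 'not affected' or 'unknown'."""
    if not version_text or not re.fullmatch(r"\d+(\.\d+)*", version_text.strip()):
        return "unknown"  # suffixes such as -beta are not guessed at
    v = tuple(int(p) for p in version_text.strip().split("."))
    v += (0,) * (4 - len(v))  # pad so 9.0 compares equal to 9.0.0.0
    if v < FIRST_AFFECTED:
        return "not affected"
    # Assumption: every release from 9.0.0 up to, not including, 9.1.2 is treated
    # as affected, which covers the stated 9.0.0 to 9.1.1.1 range.
    return "vulnerable" if v < FIXED else "patched"

def check_plugin_file(path):
    """Read a plugin main file and return (version, status)."""
    text = Path(path).read_text(encoding="utf-8", errors="replace")
    version = header_version(text)
    return version, classify(version)

if __name__ == "__main__":
    if len(sys.argv) > 1:
        for p in sys.argv[1:]:
            print(p, *check_plugin_file(p))
    else:
        v = header_version(SAMPLE_HEADER)
        print("sample:", v, classify(v))
```

A four-part version such as 9.1.1.1 sorts below 9.1.2 here because the parts are compared as integers, not as strings.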

That's it for today's update. Make sure to like, subscribe, and hit the bell icon for more security news. Stay safe out there!

Plugin URL : https://wordpress.org/plugins/really-...
Pro Plugin URL : https://really-simple-ssl.com/
