{"id":23564,"date":"2024-11-20T19:25:39","date_gmt":"2024-11-20T15:25:39","guid":{"rendered":"https:\/\/me-en.kaspersky.com\/blog\/cve-2024-10924-wordpress-authentication-bypass\/23564\/"},"modified":"2024-11-20T19:25:39","modified_gmt":"2024-11-20T15:25:39","slug":"cve-2024-10924-wordpress-authentication-bypass","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/cve-2024-10924-wordpress-authentication-bypass\/23564\/","title":{"rendered":"CVE-2024-10924: vulnerability on around four million sites"},"content":{"rendered":"<p>Bad news for companies running WordPress sites whose two-factor authentication is implemented via the Really Simple Security plugin. The recently discovered <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-10924\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2024-10924 vulnerability<\/a> in this plugin allows an unauthenticated attacker to log in as any existing user. It\u2019s therefore recommended to update the plugin as soon as possible.<\/p>\n<h2>What\u2019s the danger of the CVE-2024-10924 vulnerability<\/h2>\n<p>As ironic as it may sound, the CVE-2024-10924 vulnerability in the plugin called Really Simple Security has a CVSS score of 9.8 and is rated critical. In essence, it stems from an error in the plugin\u2019s authentication logic that lets an attacker log in as any registered user, with that user\u2019s privileges (including administrator rights), without knowing the password. A site compromised this way can be taken over completely.<\/p>\n<p>Proof-of-concept code demonstrating exploitation of this vulnerability is already available on GitHub, and its exploitation can apparently be automated. 
The researchers from Wordfence who discovered CVE-2024-10924 have <a href=\"https:\/\/www.wordfence.com\/blog\/2024\/11\/really-simple-security-vulnerability\/\" target=\"_blank\" rel=\"nofollow noopener\">called it<\/a> one of the most serious vulnerabilities they\u2019ve reported in their 12 years of working in WordPress security.<\/p>\n<h2>Who\u2019s vulnerable to CVE-2024-10924?<\/h2>\n<p>Both the paid and the free versions of the Really Simple Security plugin are vulnerable from version 9.0.0 through 9.1.1.1 inclusive. However, CVE-2024-10924 is only exploitable when the plugin\u2019s two-factor authentication feature is enabled (it\u2019s disabled by default, but many users choose this plugin specifically for that feature).<\/p>\n<p>Thanks to the existence of a free version, the plugin is extremely popular; the researchers say it\u2019s installed on around four million sites.<\/p>\n<h2>How to stay safe<\/h2>\n<p>First of all, update the plugin to version 9.1.2 or later, where the flaw is fixed. If for some reason this isn\u2019t possible, disable the plugin\u2019s two-factor authentication feature as a temporary workaround, since the bug is only reachable when that feature is enabled \u2013 but this is obviously not ideal, since it weakens the security of your site. 
WordPress.org has pushed the fix through its automatic plugin update mechanism, but administrators are advised to open the WordPress dashboard and confirm that the installed plugin version is 9.1.2 or later, rather than assuming the update went through.<\/p>\n<p>The plugin developer\u2019s website also has a section with <a href=\"https:\/\/really-simple-ssl.com\/updating-really-simple-ssl-pro\/\" target=\"_blank\" rel=\"nofollow noopener\">tips<\/a> on updating it if the automatic update doesn\u2019t work.<\/p>\n<p>In addition, even if you updated the plugin promptly and noticed no malicious activity on the site at first glance, carefully review the list of users with administrator rights and make sure there are no new, unfamiliar entries \u2013 an attacker who logged in as an administrator through this flaw could have created an extra account to keep access after the update.<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"mdr\">\n","protected":false},"excerpt":{"rendered":"<p>A vulnerability that permits bypassing authentication has been found in a popular security hardening plugin for WordPress.<\/p>\n","protected":false},"author":2698,"featured_media":23565,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1318,1916,1917],"tags":[1047,359,268,939,304],"class_list":{"0":"post-23564","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-enterprise","9":"category-smb","10":"tag-2fa","11":"tag-authentication","12":"tag-vulnerabilities","13":"tag-web","14":"tag-wordpress"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/cve-2024-10924-wordpress-authentication-bypass\/23564\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/cve-2024-10924-wordpress-authentication-bypass\/28310\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/cve-2024-10924-wordpress-authentication-bypass\/28442\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/cve-2024-10924-wordpress-authentication-
bypass\/38619\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/cve-2024-10924-wordpress-authentication-bypass\/52637\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/cve-2024-10924-wordpress-authentication-bypass\/28564\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/cve-2024-10924-wordpress-authentication-bypass\/34395\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/cve-2024-10924-wordpress-authentication-bypass\/34021\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/vulnerabilities\/","name":"vulnerabilities"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/23564","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2698"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=23564"}],"version-history":[{"count":0,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/23564\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/23565"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=23564"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=23564"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=23564"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
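The "How to stay safe" steps in the article (confirm the installed Really Simple Security version, update it if it is in the 9.0.0 to 9.1.1.1 range, then review the administrator accounts) as one scripted procedure. This is an added example, not code from the Kaspersky article or from the plugin vendor. It assumes WP-CLI (`wp`) is available and is run from the WordPress root, that the plugin slugs are `really-simple-ssl` (free) and `really-simple-ssl-pro` (paid), and it embeds a constructed sample of `wp user list` CSV output so the audit logic can be exercised offline.

```shell
#!/bin/sh
# Added example for the "How to stay safe" steps; not the article's or the
# vendor's code. Assumes WP-CLI (`wp`) run from the WordPress root and the
# plugin slugs really-simple-ssl (free) and really-simple-ssl-pro (paid).

# Compare two dotted version strings component by component (missing
# components count as 0, so 9.1.1 < 9.1.1.1 < 9.1.2). Prints -1, 0 or 1.
vercmp() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi < yi) { print "-1"; exit }
            if (xi > yi) { print "1"; exit }
        }
        print "0"
    }'
}

# True (exit 0) when VERSION is inside the affected range 9.0.0 .. 9.1.1.1
# reported for CVE-2024-10924; 9.1.2 and later are outside it.
rsssl_is_vulnerable() {
    [ "$(vercmp "$1" 9.0.0)" -ge 0 ] && [ "$(vercmp "$1" 9.1.1.1)" -le 0 ]
}

# Read `wp user list --format=csv` output (ID,user_login,user_email,
# user_registered) on stdin and print the login of every account registered
# at or after SINCE ("YYYY-MM-DD" or "YYYY-MM-DD HH:MM:SS"); an empty SINCE
# prints every account. Dates in this format compare correctly as strings.
admins_registered_since() {
    awk -F, -v since="$1" 'NR > 1 && $4 >= since { print $2 }'
}

# Constructed sample of what `wp user list --role=administrator ... --format=csv`
# returns; the second row is the kind of unfamiliar entry the article says to look for.
SAMPLE_ADMINS_CSV='ID,user_login,user_email,user_registered
1,admin,admin@example.com,2022-03-01 10:00:00
7,wp_support,nobody@example.net,2024-11-15 03:12:44'

# Full procedure against a live site: check the installed version, update it
# when it is in the affected range, then list administrators registered since
# a cut-off date (no argument: list them all).
rsssl_respond() {
    since="$1"
    for slug in really-simple-ssl really-simple-ssl-pro; do   # slugs assumed
        wp plugin is-installed "$slug" 2>/dev/null || continue
        v="$(wp plugin get "$slug" --field=version)"
        if rsssl_is_vulnerable "$v"; then
            echo "$slug $v is in the CVE-2024-10924 range; updating"
            wp plugin update "$slug"
            echo "$slug is now $(wp plugin get "$slug" --field=version)"
        else
            echo "$slug $v is not in the affected range"
        fi
    done
    echo "Administrator accounts registered since '${since:-the beginning}':"
    wp user list --role=administrator \
        --fields=ID,user_login,user_email,user_registered --format=csv \
        | admins_registered_since "$since"
}

# Only touch a real site when WP-CLI is present; otherwise exercise the audit
# logic on the constructed sample so the script runs offline.
if command -v wp >/dev/null 2>&1; then
    rsssl_respond "$@"
else
    echo "wp not found; auditing the constructed sample instead"
    printf '%s\n' "$SAMPLE_ADMINS_CSV" | admins_registered_since 2024-11-06
fi
```

Run it as `sh rsssl-check.sh 2024-11-01` on the server to confirm the version, update, and list administrators created since a date of your choosing; the cut-off date is yours to pick (for instance, when version 9.0.0 was first installed), since the article does not give one. The version comparison is done numerically per component rather than with a plain string compare so that 9.1.1.1 sorts above 9.1.1 and below 9.1.2, which is exactly the boundary that matters here.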