• Cyber Syrup
  • Posts
  • Over 4 Million Websites At Risk Because Of Wordpress Plugin Vulnerability

Over 4 Million Websites At Risk Because Of Wordpress Plugin Vulnerability

A critical security vulnerability, tracked as CVE-2024-10924 with a CVSS score of 9.8, has been identified in the popular WordPress plugin, Really Simple Security

November 18, 2024

In partnership with

CYBER SYRUP
Delivering the sweetest insights on cybersecurity.

The fastest way to build AI apps

  • Writer Framework: build Python apps with drag-and-drop UI

  • API and SDKs to integrate into your codebase

  • Intuitive no-code tools for business users

Over 4 Million Websites At Risk Because Of Wordpress Plugin Vulnerability

A critical security vulnerability, tracked as CVE-2024-10924 with a CVSS score of 9.8, has been identified in the popular WordPress plugin, Really Simple Security. This flaw allows an unauthenticated attacker to log in as any user, including administrators, posing a severe threat to millions of websites. Here's what you need to know about the issue, who is at risk, and how to protect your website.

Understanding the Vulnerability

The vulnerability stems from an authentication bypass in the plugin's two-factor authentication (2FA) REST API action. Specifically, the flaw arises due to improper error handling when verifying users. If a verification attempt fails, the plugin does not adequately handle the returned error. Instead, it treats the user as authenticated based solely on the provided ID, bypassing the need for correct credentials.

Key Details of the Vulnerability

  • Plugin Impacted: Really Simple Security (formerly Really Simple SSL), used on over 4 million WordPress sites.

  • Affected Feature: Two-factor authentication implementation.

  • Result: Unauthenticated attackers can log in as any user, including administrators, compromising the site’s security entirely.

Who Is at Risk?

The vulnerability potentially affects millions of websites that rely on Really Simple Security to enhance their protection. The following groups are at the highest risk:

  1. WordPress Administrators
    Sites where the plugin is active and running a version prior to 9.1.2 are directly exposed to attack.

  2. Websites Using Two-Factor Authentication
    The vulnerability is specifically tied to the plugin's 2FA feature, making any site with this functionality enabled particularly vulnerable.

  3. High-Traffic Websites
    Attackers often target popular websites for their broader reach, data sensitivity, or monetization potential.

  4. Sites Without Automated Updates
    Websites that do not have automated updates enabled or have disabled automatic security updates are at greater risk if they haven't manually patched the plugin.

How to Protect Yourself

Securing your website from CVE-2024-10924 requires immediate action to update the plugin and implement best practices.

1. Verify Your Plugin Version

Ensure that you are running Really Simple Security version 9.1.2 or later. This update resolves the vulnerability.

  • How to Check:
    Log in to your WordPress dashboard, navigate to Plugins, and check the version listed under Really Simple Security.

  • Update the Plugin:
    If you are running an older version, update immediately via the WordPress dashboard or by downloading the latest version from the WordPress Plugin Repository.

2. Enable Automatic Updates

To ensure timely protection against future vulnerabilities, enable automatic updates for all critical plugins.

  • Go to Plugins > Installed Plugins, locate Really Simple Security, and click Enable Auto-Updates.

3. Monitor for Unauthorized Activity

Review your website logs to detect any suspicious logins or activities.

  • Use the Really Simple Security plugin’s Login Protection and other monitoring tools to track login attempts.

4. Strengthen Overall Security

In addition to patching the plugin, take these steps to bolster your website’s security:

  • Backup Regularly: Ensure regular backups of your website to facilitate recovery in case of a compromise.

  • Use a Firewall: Deploy a web application firewall (WAF) to block malicious traffic.

  • Secure Admin Accounts: Enforce strong, unique passwords for all admin accounts and consider alternative 2FA solutions.

Additional Insights

Forced Security Updates

To address the severity of the issue, the WordPress team collaborated with the plugin vendor to push a forced security update. This ensures that a significant number of vulnerable websites are patched automatically, minimizing the risk of widespread exploitation.

Broader Implications

The discovery of such a critical flaw underscores the importance of robust security practices in plugin development and maintenance. Vulnerabilities in popular plugins can serve as entry points for large-scale attacks, affecting countless websites and their users.

Ongoing Monitoring

Site administrators should remain vigilant, as successful exploitation of such flaws can enable attackers to:

  • Exfiltrate sensitive data.

  • Deploy additional malware or ransomware.

  • Leverage compromised websites for phishing campaigns or further attacks.

Conclusion

The CVE-2024-10924 vulnerability highlights the importance of regular updates and proactive monitoring in maintaining WordPress site security. By addressing the flaw promptly and following best practices, you can significantly reduce the risk to your website and its users. If you are using Really Simple Security, act now to ensure your site is fully protected.

For more details on this vulnerability and future updates, visit the WordPress Security Blog.