【Vulnerability Alert】Security Flaw in WordPress Plugin Really Simple Security (CVE-2024-10924) – Immediate Update Required

Publish date: 2024-11-22
Update date: 2024-11-22

Source: Ministry of Education Information & Communication Security Contingency Platform

Publication Number: TACERT-ANA-2024112101112525
Publication Time: 2024/11/21 13:48
Incident Type: ANA-Vulnerability Alert
Discovery Time: 2024/11/21 13:48
Impact Level: Medium
[Subject]
【Vulnerability Alert】Security Flaw in WordPress Plugin Really Simple Security (CVE-2024-10924) – Immediate Update Required
[Content]
Forwarded from the National Institute of Cyber Security NISAC-200-202411-00000053

The WordPress plugin Really Simple Security contains an Authentication Bypass vulnerability (CVE-2024-10924).
When the two-factor authentication feature is enabled, unauthorized remote attackers may bypass authentication and log in to the system as any user. Immediate action is recommended to mitigate this risk.

Information Sharing Level: WHITE (Information content can be publicly disclosed)
[Affected Platform]
Really Simple Security Plugin Versions 9.0.0 to 9.1.1.1
[Recommended Actions]
The vendor has released a patch for this vulnerability. Please update to the following version:
Really Simple Security 9.1.2 or later
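The version range above can be checked mechanically across many sites. The following is an added example, not part of the original notification or the vendor's code: it reads the `Version:` line of a WordPress plugin header and tests it against the affected range stated in this alert. The sample header is constructed, and the function names are hypothetical.

```python
import re

# Range from the advisory: 9.0.0 to 9.1.1.1 affected, fixed in 9.1.2.
AFFECTED_MIN = (9, 0, 0)
FIXED = (9, 1, 2)

# Constructed sample of a WordPress plugin header (not copied from the plugin).
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: Really Simple Security
 * Version: 9.1.1.1
 */
"""

def parse_version(text):
    """Turn '9.1.1.1' into (9, 1, 1, 1); reject non-numeric strings."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in text.split("."))

def _pad(version, width):
    # Pad with zeros so '9.0' compares equal to '9.0.0' and '9.1.2.0' to '9.1.2'.
    return version + (0,) * (width - len(version))

def is_affected(version_text):
    """True when the version lies in the advisory's affected range."""
    v = parse_version(version_text)
    width = max(len(v), len(AFFECTED_MIN), len(FIXED))
    return _pad(AFFECTED_MIN, width) <= _pad(v, width) < _pad(FIXED, width)

def header_version(php_source):
    """Return the 'Version:' value from a plugin header comment, or None."""
    m = re.search(r"^[ \t/*#]*Version:[ \t]*(\S+)", php_source, re.I | re.M)
    return m.group(1) if m else None

def classify(php_source):
    """Map a plugin main file's text to 'affected', 'not affected' or 'unknown'."""
    found = header_version(php_source)
    if found is None:
        return "unknown"
    try:
        return "affected" if is_affected(found) else "not affected"
    except ValueError:
        return "unknown"

if __name__ == "__main__":
    print(header_version(SAMPLE_HEADER), "->", classify(SAMPLE_HEADER))
```

The check covers the installed version only; whether two-factor authentication is enabled on a given site has to be confirmed separately.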
[Reference]
1. https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11388
2. https://nvd.nist.gov/vuln/detail/CVE-2024-10924
(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of Education Information & Communication Security Contingency Platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer: Computer Center