CVE-2024-10924

Authentication Bypass Using an Alternate Path or Channel (CWE-288)

Published: Nov 15, 2024 / Updated: 5d ago

CVSS 9.8 (Critical) / EPSS 0.05%

Summary

The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. This vulnerability is caused by improper user check error handling in the two-factor REST API actions with the 'check_login_and_get_user' function. It affects installations where the "Two-Factor Authentication" setting is enabled, which is disabled by default.

Impact

This vulnerability allows unauthenticated attackers to log in as any existing user on the site, including administrators. The potential impact is severe, as it could lead to complete compromise of the WordPress site. An attacker could gain full administrative access, potentially allowing them to modify content, install malicious plugins, access sensitive information, or use the compromised site for further attacks. The vulnerability has a CVSS v3.1 base score of 9.8 (Critical), indicating maximum impact on confidentiality, integrity, and availability.

Exploitation

One proof-of-concept exploit is available on github.com. There is no evidence of exploitation in the wild at the moment.

Patch

A patch is available. Users should update to a version newer than 9.1.1.1 of the Really Simple Security plugin (Free, Pro, or Pro Multisite versions).

Mitigation

1. Update the Really Simple Security plugin to the latest version immediately if you're running versions 9.0.0 to 9.1.1.1.
2. If immediate updating is not possible, consider temporarily disabling the "Two-Factor Authentication" feature in the plugin settings until the update can be applied.
3. Monitor WordPress admin accounts for any suspicious activities.
4. Implement additional security measures such as IP restrictions for admin access and regular security audits.
5. Always keep WordPress core, themes, and plugins up to date.
6. Use strong, unique passwords for all user accounts, especially administrative ones.
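A small triage helper for steps 1 and 2 above, added here as an example and not code from the plugin or from any advisory. It reads the standard WordPress plugin header (`Version: x.y.z`) from the plugin's main file text, tests the version against the affected range 9.0.0 to 9.1.1.1 stated in the summary, and combines that with whether the "Two-Factor Authentication" setting is on (the page gives no option name for that setting, so the caller supplies it as a boolean). The sample header is constructed.

```python
"""Triage check for CVE-2024-10924 (Really Simple Security 9.0.0 - 9.1.1.1)."""
import re
from typing import Dict, Optional, Tuple

AFFECTED_MIN = (9, 0, 0)      # first vulnerable release
AFFECTED_MAX = (9, 1, 1, 1)   # last vulnerable release; 9.1.2 is patched

# Matches the "Version:" line of a WordPress plugin header comment.
PLUGIN_HEADER_RE = re.compile(r"^\s*\*?\s*Version:\s*([0-9.]+)", re.MULTILINE)

# Constructed sample of a plugin main-file header (not the real file).
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: Really Simple Security
 * Version: 9.1.1.1
 */
"""


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '9.1.1.1' into (9, 1, 1, 1); tuple comparison then orders
    versions of differing length correctly ((9, 1, 1) < (9, 1, 1, 1) < (9, 1, 2))."""
    parts = tuple(int(p) for p in re.findall(r"\d+", version))
    if not parts:
        raise ValueError(f"unparseable version: {version!r}")
    return parts


def version_from_plugin_header(header_text: str) -> Optional[str]:
    """Extract the Version: value from plugin header text, or None if absent."""
    match = PLUGIN_HEADER_RE.search(header_text)
    return match.group(1) if match else None


def is_affected(version: str) -> bool:
    """True when the version lies inside the vulnerable range (inclusive)."""
    return AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX


def assess(header_text: str, two_factor_enabled: bool) -> Dict[str, object]:
    """Report whether the install is affected and, given the 2FA setting,
    actually exposed; recommend the mitigation step that applies."""
    version = version_from_plugin_header(header_text)
    affected = bool(version) and is_affected(version)
    exposed = affected and two_factor_enabled
    if exposed:
        action = "update to 9.1.2 or later now; disable Two-Factor Authentication until then"
    elif affected:
        action = "update to 9.1.2 or later; keep Two-Factor Authentication disabled until then"
    else:
        action = "no action for CVE-2024-10924" if version else "version not found; inspect manually"
    return {"version": version, "affected": affected, "exposed": exposed, "action": action}
```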

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Timeline

CVE Assignment

NVD published the first details for CVE-2024-10924

Nov 15, 2024 at 4:15 AM
CVSS

A CVSS base score of 9.8 has been assigned.

Nov 15, 2024 at 4:20 AM / nvd
First Article

Feedly found the first article mentioning CVE-2024-10924. See article

Nov 15, 2024 at 4:21 AM / National Vulnerability Database
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Nov 15, 2024 at 4:21 AM
Threat Intelligence Report

CVE-2024-10924 is a critical authentication bypass vulnerability affecting versions 9.0.0 to 9.1.1.1 of the Really Simple Security plugins, with a CVSS score of 9.8. The vulnerability has been researched by István Márton from Wordfence, and a fully patched version (9.1.2) is available. There is no information provided regarding exploitation in the wild, proof-of-concept exploits, or downstream impacts on other third-party vendors. See article

Nov 15, 2024 at 8:00 AM
EPSS

EPSS Score was set to: 0.05% (Percentile: 16.9%)

Nov 15, 2024 at 10:20 AM
Proof of Concept (PoC) Released

A proof of concept exploit has been released

Nov 18, 2024 at 2:10 AM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Qualys (731906)

Nov 18, 2024 at 7:53 AM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Qualys (152399)

Nov 18, 2024 at 7:53 AM

Affected Systems

Wordpress/wordpress

Exploits

https://github.com/FoKiiin/CVE-2024-10924

Links to MITRE ATT&CK

T1083: File and Directory Discovery

Attack Patterns

CAPEC-127: Directory Indexing

References

WordPress Really Simple Security plugin authentication bypass vulnerability (CVE-2024-10924)
4,000,000 WordPress Sites Using Really Simple Security Free and Pro Versions Affected by Critical Authentication Bypass Vulnerability
On November 6th, 2024, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for an Authentication Bypass vulnerability in the [Really Simple Security plugin](https://wordpress.org/plugins/really-simple-ssl/), and in the [Really Simple Security Pro and Pro Multisite plugins](https://really-simple-ssl.com/pro/), which are actively installed on more than 4,000,000 WordPress websites. The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1.

News

WordPress Really Simple Security Authentication Bypass
Authored by Antonio Francesco Sardella (github.com). WordPress Really Simple Security plugin versions prior to 9.1.2 proof of concept authentication bypass exploit. Advisories: CVE-2024-10924
WordPress Plug-In Vulnerability Threatens 4 Million Sites
"We urge users to verify that their sites were updated to the latest patched version of Really Simple Security, version 9.1.2," Wordfence researchers wrote. The critical authentication bypass vulnerability takes advantage of a now-patched flaw in the Really Simple Security plug-in, active across more than 4 million websites.
CVE-2024-10924 Explained: Security plugin flaw in millions of WordPress sites
The Really Simple Security (Free, Pro, and Pro Multisite) plugin for WordPress is vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1 when the "Two-Factor Authentication" setting is enabled. A critical authentication bypass vulnerability has been identified in the WordPress plugin Really Simple Security (formerly known as Really Simple SSL), affecting both its free and Pro versions.
CVE-2024-10924 (2024-11-15) m3ssap0/wordpress-really-simple-security-authn-bypass-exploit
This is a Python3 program that exploits Really Simple Security < 9.1.2 authentication bypass vulnerability (CVE-2024-10924). Please use this tool responsibly.
🚨 CVE-2024-10924 🚨 A critical vulnerability (CVSS 9.8) in #ReallySimpleSecurity for #WordPress allows attackers to bypass authentication and log in as admin when 2FA is enabled. 👉 Fix: Update to v9.1.2 🧠 Read our annotated article: https://basefortify.eu/cve_reports/2024/11/cve-2024-10924.html #Cybersecurity #CVE

CVSS V3.1

Attack Vector:Network
Attack Complexity:Low
Privileges Required:None
User Interaction:None
Scope:Unchanged
Confidentiality:High
Integrity:High
Availability Impact:High
