Critical Vulnerability Found in Really Simple Security Plugin
A serious authentication bypass vulnerability has been discovered in the Really Simple Security plugin, affecting over 4 million WordPress sites. This flaw allows attackers to remotely access any user account, including administrators, especially when two-factor authentication is enabled. The vulnerability, identified by Wordfence on November 6, 2024, has a critical CVSS score of 9.8. The plugin vendor quickly released patches, with forced updates initiated to ensure users upgrade to version 9.1.2. Wordfence has provided immediate protection for its premium users, while free users will receive similar safeguards by December 6, 2024. Site owners are urged to verify their plugin versions to mitigate risks associated with this vulnerability.