CVE-2024-10924 Scanner

CVE-2024-10924 Scanner - Authentication Bypass vulnerability in Really Simple Security

Short Info

Level: Critical
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 10 days 8 hours
Scan only one: Domain, IPv4
Toolbox: -

Product Overview:

Really Simple Security is a popular WordPress security plugin designed to protect WordPress websites from common security threats. It is available in both free and pro versions, with the pro version offering additional features such as multisite support for handling multiple WordPress installations. The plugin provides several security measures, including SSL enforcement, security headers, and login protection, and is widely used by WordPress site owners to harden their sites. The vulnerability detected is critical and affects the authentication process in the plugin's two-factor authentication feature.

Vulnerability Overview:

The vulnerability found in Really Simple Security is an authentication bypass affecting versions 9.0.0 to 9.1.1.1. It is caused by improper error handling of the user check in the two-factor REST API actions; the specific function affected is 'check_login_and_get_user'. The flaw allows unauthenticated attackers to bypass the two-factor authentication mechanism and log in as any existing user on the site, including administrators, giving them unauthorized access to sensitive areas of the WordPress site such as the admin dashboard. The vulnerability is particularly dangerous because the two-factor authentication feature can be bypassed even though it is enabled.

Vulnerability Details:

The vulnerability occurs due to improper validation in the two-factor authentication system in the Really Simple Security plugin. The vulnerable function, 'check_login_and_get_user', does not adequately check the authentication status before allowing access to the user information. This means that an attacker, even without valid credentials, can trigger the REST API action and obtain access to a user account, including administrative ones. The vulnerable API endpoint is '/wp-json/reallysimplessl/v1/two_fa/skip_onboarding', which can be exploited by sending a specially crafted request with the correct nonce and user ID. This flaw allows attackers to access the WordPress admin panel without proper authentication, leading to potential account takeover.
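The following is an added example of the two defender-side checks the overview and details above imply; it is not the scanner's own code or the plugin's code. It decides whether a Really Simple Security version string falls inside the affected range 9.0.0 to 9.1.1.1 (note the four-part upper bound), and it flags web-server log lines that hit the '/wp-json/reallysimplessl/v1/two_fa/skip_onboarding' route so they can be reviewed against expected onboarding activity. Assumptions: the version is read from the 'Stable tag:' header of a plugin readme.txt (passed in as text so the example runs offline), logs are in Apache combined format, and a hit on the endpoint is a review item, not proof of exploitation, since the route is also used legitimately. All sample inputs are constructed.

```python
import re
from typing import List, Optional, Tuple

# Affected range as stated on the page: 9.0.0 through 9.1.1.1 inclusive.
AFFECTED_MIN = (9, 0, 0)
AFFECTED_MAX = (9, 1, 1, 1)

# REST route named on the page.
VULN_ENDPOINT = "/wp-json/reallysimplessl/v1/two_fa/skip_onboarding"


def parse_version(text: str) -> Tuple[int, ...]:
    """Convert '9.1.1.1' to (9, 1, 1, 1). A pre-release suffix such as
    '9.1.2-beta1' is dropped. Tuples compare element-wise, and a shorter
    tuple sorts before a longer one sharing its prefix, so
    (9, 1, 1) < (9, 1, 1, 1) and (9, 1, 2) > (9, 1, 1, 1)."""
    core = text.strip().split("-", 1)[0]
    return tuple(int(p) for p in core.split(".") if p.isdigit())


def is_affected(version: str) -> bool:
    """True when the installed version lies inside the affected range."""
    v = parse_version(version)
    if not v:
        raise ValueError(f"unparseable version string: {version!r}")
    return AFFECTED_MIN <= v <= AFFECTED_MAX


def version_from_readme(readme: str) -> Optional[str]:
    """Read the 'Stable tag:' header of a WordPress plugin readme.txt.
    Assumption: a scanner would fetch this file from the plugin directory;
    here the text is supplied directly so the check runs offline."""
    m = re.search(r"^Stable tag:\s*([0-9][0-9.]*\S*)\s*$", readme, re.M | re.I)
    return m.group(1) if m else None


# Apache combined log format: ip ident user [ts] "METHOD path proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def endpoint_hits(log_lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (ip, method, status) for every log line whose request path is
    the two_fa/skip_onboarding route. Query strings are stripped before the
    comparison. Hits are review items: legitimate onboarding also uses it."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path = m.group("path").split("?", 1)[0]
        if path == VULN_ENDPOINT:
            hits.append((m.group("ip"), m.group("method"), m.group("status")))
    return hits


# Constructed sample inputs (not real data).
SAMPLE_README = """=== Really Simple Security ===
Contributors: example
Stable tag: 9.1.1.1
Requires at least: 5.9
"""

SAMPLE_LOG = [
    '203.0.113.7 - - [15/Nov/2024:10:01:02 +0000] "POST /wp-json/reallysimplessl/v1/two_fa/skip_onboarding HTTP/1.1" 200 312',
    '198.51.100.4 - - [15/Nov/2024:10:01:05 +0000] "GET /wp-login.php HTTP/1.1" 200 2048',
    '203.0.113.7 - - [15/Nov/2024:10:01:09 +0000] "GET /wp-admin/ HTTP/1.1" 200 9876',
]

if __name__ == "__main__":
    found = version_from_readme(SAMPLE_README)
    print(f"installed version {found}: affected={is_affected(found)}")
    for ip, method, status in endpoint_hits(SAMPLE_LOG):
        print(f"review: {ip} {method} {VULN_ENDPOINT} -> {status}")
```

The version comparison relies on Python tuple ordering rather than string comparison, which is what makes a four-part upper bound such as 9.1.1.1 behave correctly; a naive string compare would rank "9.1.2" below "9.1.1.1". Pair the version result with the endpoint review list: an affected version plus unexpected hits on the route is the combination worth escalating.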

Possible Effects:

If exploited, this vulnerability can lead to serious security issues, including unauthorized access to the WordPress admin dashboard. Attackers could modify site settings, access sensitive user data, or even take control of the entire website. The impact is especially severe when the affected website has sensitive information or high-value accounts, such as those of administrators. Attackers may also use this vulnerability to install malware or other malicious scripts. Given the ease of exploitation, this vulnerability poses a significant risk to the integrity and security of WordPress sites using the affected versions of the Really Simple Security plugin.
