The Download
A critical vulnerability in a popular WordPress security plugin, Really Simple Security SSL, impacting millions of websites, allows unauthenticated attackers to gain administrative control. The flaw, identified as CVE-2024-10924, can be exploited by sending specially crafted requests that bypass the plugin's authentication mechanisms and grant access to any account, including the Administrator account. Security firm Wordfence says the flaw is the most severe it has seen among WordPress plugin flaws. Attackers can leverage this access to deploy malware, deface websites, or steal sensitive user data, endangering businesses and their clients.
What You Can Do
IT administrators should immediately update the affected plugin to its latest patched version. Additionally, monitor user accounts and roles for unauthorized changes (new administrators or unexpected privilege escalations), implement a Web Application Firewall (WAF), and enforce regular security audits to identify and resolve vulnerabilities proactively.
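One way to carry out the role-monitoring step above, as an added example that is not from the original post nor from Wordfence or ThreatMate: a Python script that diffs a saved baseline of WordPress users against a fresh snapshot and flags new accounts, granted roles, and especially new administrators. It assumes snapshots shaped like the JSON output of `wp user list --fields=ID,user_login,roles --format=json`; the sample data below is constructed.

```python
import json

# A newly granted privileged role is the trace an account takeover via an
# auth bypass such as CVE-2024-10924 would leave in the user table.
PRIVILEGED_ROLES = {"administrator"}

# Constructed sample snapshots in the assumed shape of
# `wp user list --fields=ID,user_login,roles --format=json` output.
BASELINE_JSON = """[
  {"ID": 1, "user_login": "siteowner", "roles": "administrator"},
  {"ID": 7, "user_login": "editor_jane", "roles": "editor"},
  {"ID": 9, "user_login": "author_bob", "roles": "author"}
]"""
CURRENT_JSON = """[
  {"ID": 1, "user_login": "siteowner", "roles": "administrator"},
  {"ID": 7, "user_login": "editor_jane", "roles": "administrator"},
  {"ID": 9, "user_login": "author_bob", "roles": "author"},
  {"ID": 42, "user_login": "wp_support", "roles": "administrator"}
]"""

def load_roles(snapshot_json):
    """Map user_login -> set of roles from a wp-cli style JSON dump."""
    users = json.loads(snapshot_json)
    return {
        u["user_login"]: {r.strip() for r in str(u["roles"]).split(",") if r.strip()}
        for u in users
    }

def diff_roles(baseline, current):
    """Return (severity, message) findings describing role drift between snapshots."""
    findings = []
    for login, roles in current.items():
        if login not in baseline:
            sev = "high" if roles & PRIVILEGED_ROLES else "info"
            findings.append((sev, f"new user {login!r} with roles {sorted(roles)}"))
            continue
        gained = roles - baseline[login]
        if gained:
            sev = "high" if gained & PRIVILEGED_ROLES else "medium"
            findings.append((sev, f"user {login!r} gained roles {sorted(gained)}"))
    for login in baseline.keys() - current.keys():
        findings.append(("medium", f"user {login!r} removed"))
    return findings

def audit(baseline_json=BASELINE_JSON, current_json=CURRENT_JSON):
    """Compare two snapshots; an empty list means no role drift."""
    return diff_roles(load_roles(baseline_json), load_roles(current_json))

if __name__ == "__main__":
    for severity, message in audit():
        print(f"[{severity}] {message}")
```

Run it on a scheduled basis against a baseline captured right after patching, and alert on any "high" finding.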
Use ThreatMate automated pen testing to discover exploitable website vulnerabilities among other exposed attack surface vulnerabilities.
To Learn More: