Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-10924
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Really Simple Security (Free, Pro, and Pro Multisite) 9.0.0 - 9.1.1.1 - Authentication Bypass
Source: NVD (National Vulnerability Database)
Vulnerability Description
The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. This is due to improper user check error handling in the two-factor REST API actions with the 'check_login_and_get_user' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, when the "Two-Factor Authentication" setting is enabled (disabled by default).
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用候选路径或通道进行的认证绕过
Source: NVD (National Vulnerability Database)
Vulnerability Title
WordPress plugin Really Simple Security 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress plugin Really Simple Security 9.0.0版本到9.1.1.1版本存在安全漏洞,该漏洞源于包含一个身份验证绕过漏洞。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
Really Simple PluginsReally Simple Security Pro multisite 9.0.0 ~ 9.1.1.1 -
rogierlankhorstReally Simple Security – Simple and Performant Security (formerly Really Simple SSL) 9.0.0 ~ 9.1.1.1 -
Really Simple PluginsReally Simple Security Pro 9.0.0 ~ 9.1.1.1 -
II. Public POCs for CVE-2024-10924
#POC DescriptionSource LinkShenlong Link
1 Really Simple Security (Free, Pro, and Pro Multisite) 9.0.0 – 9.1.1.1 – Authentication Bypasshttps://github.com/RandomRobbieBF/CVE-2024-10924POC Details
2CVE-2024-10924 Authentication Bypass Using an Alternate Path or Channel (CWE-288)https://github.com/FoKiiin/CVE-2024-10924POC Details
3WARNING: This is a vulnerable application to test the exploit for the Really Simple Security < 9.1.2 authentication bypass (CVE-2024-10924). Run it at your own risk!https://github.com/m3ssap0/wordpress-really-simple-security-authn-bypass-vulnerable-applicationPOC Details
4Simple Python scripthttps://github.com/MattJButler/CVE-2024-10924POC Details
5Exploits Really Simple Security < 9.1.2 authentication bypass (CVE-2024-10924).https://github.com/m3ssap0/wordpress-really-simple-security-authn-bypass-exploitPOC Details
6Nonehttps://github.com/julesbsz/CVE-2024-10924POC Details
7Exploit for CVE-2024-10924 -> Really Simple Security < 9.1.2 authentication bypasshttps://github.com/dua1337/Exploit-for-CVE-2024-10924POC Details
8Bypass del MFA en WordPress con el plugin Really Simple Security instalado entre las versiones 9.0.0 – 9.1.1.1.https://github.com/Maalfer/CVE-2024-10924-PoCPOC Details
9Nonehttps://github.com/D1se0/CVE-2024-10924-Bypass-MFA-Wordpress-LABPOC Details
10Nonehttps://github.com/Hunt3r850/CVE-2024-10924-PoCPOC Details
11Nonehttps://github.com/Hunt3r850/CVE-2024-10924-Wordpress-DockerPOC Details
12Really Simple Security (Free, Pro, and Pro Multisite) 9.0.0 - 9.1.1.1 - Authentication Bypasshttps://github.com/Nxploited/CVE-2024-10924-ExploitPOC Details
13Nonehttps://github.com/cy3erdr4g0n/CVE-2024-10924POC Details
14A Proof-of-Concept (PoC) exploit for CVE-2024-10924, a vulnerability in the Really Simple SSL WordPress plugin that allows bypassing two-factor authentication (2FA). Includes mitigation techniques to secure affected WordPress sites.https://github.com/h8sU/wordpress-cve-2024-10924-exploitPOC Details
15Nonehttps://github.com/sariamubeen/CVE-2024-10924POC Details
16WordPress CVE-2024-10924 Exploit for Really Simple Security pluginhttps://github.com/MaleeshaUdan/wordpress-CVE-2024-10924--exploitPOC Details
17CVE-2024-10924 - Authentication Bypass in ReallySimpleSSL Wordpress Pluginhttps://github.com/sharafu-sblsec/CVE-2024-10924POC Details
18Nonehttps://github.com/OliveiraaX/-CVE-2024-10924POC Details
19The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. This is due to improper user check error handling in the two-factor REST API actions with the 'check_login_and_get_user' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, when the "Two-Factor Authentication" setting is enabled (disabled by default). https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-10924.yamlPOC Details
20Nonehttps://github.com/ademto/wordpress-cve-2024-10924-pentestPOC Details
21Nonehttps://github.com/bodoinon/CVE-2024-10924POC Details
22Unauthenticated authentication bypass to RCE exploit for CVE-2024-10924. Abuses an authentication and 2FA bypass in the Really Simple Security WordPress plugin to impersonate an admin user, upload a malicious plugin, and achieve remote command execution via an interactive shell.https://github.com/JoshuaProvoste/0-click-RCE-Exploit-for-CVE-2024-10924POC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2024-10924
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same vendor: Really Simple Plugins
Same weakness: CWE-288
V. Comments for CVE-2024-10924

No comments yet

Leave a comment