
WordPress: Over 4 Million Sites at Risk ⚠️
A vulnerability in the Really Simple Security plugin endangers millions of WordPress sites. This flaw allows attackers to bypass authentication and gain full access to admin accounts. Read on for technical details, actions taken, and how to secure your sites now.
A flaw discovered in Really Simple Security 🚨
On November 6, 2024, the Wordfence Threat Intelligence team detected a vulnerability in the plugin. Really Simple Security (formerly Really Simple SSL), which is used by over 4 million WordPress sites, is affected. This flaw allows unauthenticated attackers to bypass two-factor authentication and remotely access user accounts, including admin accounts.
Specifically, the vulnerability stems from improper handling of the plugin’s REST API. The function check_login_and_get_user, responsible for verifying user identity, does not handle verification errors correctly. Even if an attacker provides incorrect credentials, the function continues to execute and grants access to the targeted account.
The affected plugin versions range from 9.0.0 to 9.1.1.1, including the free, Pro, and Pro Multisite versions.
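To make the failure mode above concrete, here is an added illustration, not the plugin's actual code: a WordPress REST callback that ignores the WP_Error returned by its verification step and falls through to the login path, next to the corrected version. The helper verify_two_factor(), the user_id and login_nonce request parameters, and the nonce action name are assumed for the example.

```php
<?php
// Added illustrative example, not code from Really Simple Security.
// Assumed names: verify_two_factor(), request fields user_id / login_nonce,
// nonce action 'example_login_'. Only check_login_and_get_user is from the write-up.

// Stand-in for the second-factor check: returns a WP_User on success and a
// WP_Error on failure, the usual WordPress convention for fallible calls.
function verify_two_factor( $user_id, $login_nonce ) {
    $user = get_user_by( 'id', (int) $user_id );
    if ( ! $user || ! wp_verify_nonce( $login_nonce, 'example_login_' . (int) $user_id ) ) {
        return new WP_Error( 'invalid_login', 'Login verification failed.', array( 'status' => 403 ) );
    }
    return $user;
}

// Vulnerable pattern: the return value is never inspected, so a WP_Error is
// silently dropped and execution continues into the success path, logging in
// whichever user id the request named.
function check_login_and_get_user_vulnerable( WP_REST_Request $request ) {
    $user    = verify_two_factor( $request['user_id'], $request['login_nonce'] );
    $user_id = (int) $request['user_id'];      // taken from the request, not from $user
    wp_set_auth_cookie( $user_id, true );      // reached even when verification failed
    return rest_ensure_response( array( 'logged_in' => true ) );
}

// Hardened pattern: stop as soon as verification reports an error, and take the
// identity from the verified WP_User object rather than from request input.
function check_login_and_get_user_fixed( WP_REST_Request $request ) {
    $user = verify_two_factor( $request['user_id'], $request['login_nonce'] );
    if ( is_wp_error( $user ) ) {
        return $user;                          // the REST API turns this into a 403 response
    }
    wp_set_auth_cookie( $user->ID, true );
    return rest_ensure_response( array( 'logged_in' => true ) );
}
```

When auditing similar code, look for any WP_Error-returning call whose result is not passed through is_wp_error() before the function moves on to a privileged action.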
A large-scale automatable attack 💥
This vulnerability is scriptable, meaning it can be exploited at scale through automated attacks. This significantly heightens the risk for WordPress site owners using this plugin.
If a site is compromised, attackers can:
- Modify or delete content.
- Install malware.
- Take full control of the administration.
Measures taken to protect users 🔐
Aware of the severity of the issue, the developer of Really Simple Security collaborated with the WordPress.org plugin team to:
- Release a patched update: Version 9.1.2 was rolled out on November 12, 2024, for Pro versions and on November 14, 2024, for the free version.
- Force updates on all sites running vulnerable versions.
Additionally, Wordfence Premium, Care, and Response users received a firewall rule to protect against this vulnerability starting November 6, 2024. Free Wordfence users will get this protection on December 6, 2024.
What should WordPress site owners do? 💡
To protect your site from this critical flaw, the company recommends:
- Check your version of Really Simple Security: Ensure it’s updated to the patched version 9.1.2.
- Enable a reliable WordPress firewall: If using Wordfence, configure it properly to benefit from protection against this vulnerability.
- Inform vulnerable site admins: If you know others using this plugin, alert them about the urgency of updating their sites.
- Monitor your systems: Conduct regular scans to detect any potential intrusions or anomalies.
The role of the WordPress community 🌍
The forced update deployed by the WordPress team has mitigated much of the damage. However, there are still users who haven’t applied the patch. The community plays a critical role in:
- Spreading awareness about this vulnerability.
- Encouraging plugin updates on unmaintained sites.
- Collaborating with hosting providers to enforce updates.
This incident highlights the importance of keeping WordPress plugins updated and prioritizing robust security solutions. Critical vulnerabilities like the one in Really Simple Security can have disastrous consequences, yet they are often avoidable with proactive management.
Share Your Experience!
Have you updated your plugins recently? What security solutions do you use to protect your sites? Share your practices in the comments! ☺️