module
WordPress Really Simple SSL Plugin Authentication Bypass to RCE
| Disclosed |
|---|
| Nov 14, 2024 |
Disclosed
Nov 14, 2024
Description
This module exploits an authentication bypass vulnerability in the WordPress Really Simple SSL plugin
(versions 9.0.0 to 9.1.1.1). The vulnerability allows bypassing two-factor authentication (2FA) and
uploading a plugin to achieve remote code execution (RCE). Note: For the system to be vulnerable,
2FA must be enabled on the target site; otherwise, the exploit will not work.
(versions 9.0.0 to 9.1.1.1). The vulnerability allows bypassing two-factor authentication (2FA) and
uploading a plugin to achieve remote code execution (RCE). Note: For the system to be vulnerable,
2FA must be enabled on the target site; otherwise, the exploit will not work.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.