Plugins to update, even Wordfence got scared
News about the security of plugins installed on WordPress sites mostly comes from the large specialized portal Wordfence. And when a post published by Wordfence security experts begins with “this is one of the most serious vulnerabilities we have ever reported in our 12-year history”, you immediately understand that the situation is not just serious in words. The plugin in which this vulnerability was found is Really Simple Security, whose previous name was Really Simple SSL.
There is already a more than fair amount of irony in this. This plugin, in fact, falls into the category of security plugins, something that you should always have installed on your site to prevent malicious individuals from interfering in some way with what is on your site or with the users who navigate your site.
What made the problem found within this security plugin extremely dangerous is that the vulnerability is of the scriptable type. As explained by the experts at Wordfence, this is a vulnerability that can be exploited automatically and thus simultaneously target practically all the websites on which the plugin is located.
Really Simple Security is available in a free version and a paid Pro version and it is important to know that the Premium version has also been updated, because it was found to be affected by the same vulnerability. But what was the problem that emerged?
Wordfence experts found an authentication bypass vulnerability in this plugin on November 6. This type of vulnerability allows unauthenticated malicious users to easily enter any website.
The vulnerability can be exploited when the two-factor authentication function is activated: by interfering with the authentication phase, a hacker can take over any account that is logging in to the targeted WordPress site. As we mentioned, this is one of the most dangerous vulnerabilities that Wordfence has ever encountered, and in fact its score is 9.8 out of 10.
Luckily, the developers of Really Simple Security immediately started the procedures to find a solution. The updated version you need to have is number 9.1.2, and it has been released for both the free version and the Premium version.
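A version audit for the update described above, as an added example that is not code from Wordfence or from the plugin's developers: it reads the standard WordPress plugin header from each plugin's PHP files and flags Really Simple Security / Really Simple SSL installs older than 9.1.2. The `wp-content/plugins` path is the WordPress default layout; the function names and sample headers are constructed for illustration.

```python
import re
import sys
from pathlib import Path

FIXED = "9.1.2"  # fixed release named in the article
# Current and former plugin names, as given in the article.
NAMES = ("really simple security", "really simple ssl")
# WordPress reads "Plugin Name:" / "Version:" from the main file's header comment.
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t]*$", re.I | re.M)

# Constructed sample headers (not copied from the real plugin).
SAMPLE_OLD = "<?php\n/**\n * Plugin Name: Really Simple Security\n * Version: 9.1.1.1\n */\n"
SAMPLE_FIXED = "<?php\n/**\n * Plugin Name: Really Simple Security\n * Version: 9.1.2\n */\n"


def parse_header(php_source):
    """Return (name, version) from a plugin header comment, or None."""
    fields = {}
    for key, value in HEADER.findall(php_source[:8192]):  # header sits at the top
        fields.setdefault(key.lower(), value.strip())      # first occurrence wins
    if "plugin name" in fields and "version" in fields:
        return fields["plugin name"], fields["version"]
    return None


def version_key(version):
    """'9.1.1.1' -> (9, 1, 1, 1); trailing zeros dropped so 9.1.2.0 == 9.1.2."""
    parts = [int(p) if p.isdigit() else 0 for p in version.strip().split(".")]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def needs_update(php_source):
    """True/False for this plugin; None when the file is some other plugin."""
    header = parse_header(php_source)
    if header is None or not any(n in header[0].lower() for n in NAMES):
        return None
    return version_key(header[1]) < version_key(FIXED)


def audit(wp_root):
    """List (file, version, needs_update) for matching plugins under wp_root."""
    found = []
    for php in sorted(Path(wp_root, "wp-content", "plugins").glob("*/*.php")):
        source = php.read_text(encoding="utf-8", errors="replace")
        if needs_update(source) is not None:
            found.append((str(php), parse_header(source)[1], needs_update(source)))
    return found


if __name__ == "__main__":
    for path, version, stale in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{path}: {version} -> {'UPDATE to ' + FIXED if stale else 'ok'}")
```

Run it with the WordPress root directory as the only argument. It checks the installed version only, not whether two-factor authentication is enabled on the site.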