WordPress Plugin Vulnerability Exposed: Critical Risks for 4 Million Sites

A critical authentication bypass vulnerability has been disclosed in the Really Simple Security (formerly Really Simple SSL) plugin for WordPress. Successful exploitation gives an unauthenticated attacker full administrative access to a vulnerable site.

The plugin is installed on more than 4 million WordPress sites, and the free, Pro, and Pro Multisite editions are all affected (versions 9.0.0 through 9.1.1.1). The vulnerability carries a CVSS score of 9.8, which is critical severity.

According to Wordfence security researcher István Márton, the vulnerability arises from improper error handling of the user check in a function called check_login_and_get_user(): when the check fails, the failure is not acted on and processing continues with the caller-supplied user. This allows unauthenticated attackers to log in as any user, including administrators, on sites where the plugin's two-factor authentication setting is enabled (it is off by default).
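The bug class described above, as an added illustration that is not the plugin's code: a login-nonce check returns a WP_Error on failure, the vulnerable version of the user-lookup function computes that result but never inspects it and returns the user selected by the request's user_id anyway, and the caller then treats a non-error return as proof of identity. The class, function and endpoint names are hypothetical stand-ins modelled on the description, WordPress's WP_Error and is_wp_error() are stubbed so the file runs under plain `php`, and the user table and nonce store are constructed sample data.

```php
<?php
// Added example: reconstruction of the "ignored error return" pattern, not
// the real plugin's source. Names below are hypothetical stand-ins.

// Minimal stand-ins for WordPress's WP_Error / is_wp_error().
class WP_Error {
    public $code;
    public function __construct(string $code) { $this->code = $code; }
}
function is_wp_error($value): bool { return $value instanceof WP_Error; }

// Constructed sample data: two users, and a login nonce issued only to user 7,
// who is the only one who legitimately started the 2FA onboarding flow.
$USERS = [
    1 => ['id' => 1, 'login' => 'admin', 'role' => 'administrator'],
    7 => ['id' => 7, 'login' => 'editor', 'role' => 'editor'],
];
$LOGIN_NONCES = [7 => 'a3f1c9d2e8b4'];

function get_user_by_id(int $id) {
    global $USERS;
    return $USERS[$id] ?? null;
}

// Returns true when the nonce matches the one issued to $user_id, else a WP_Error.
function verify_login_nonce(int $user_id, string $nonce) {
    global $LOGIN_NONCES;
    if (!isset($LOGIN_NONCES[$user_id]) || !hash_equals($LOGIN_NONCES[$user_id], $nonce)) {
        return new WP_Error('invalid_login_nonce');
    }
    return true;
}

// Vulnerable pattern: the verification result is dropped on the floor, so any
// user_id chosen by the request is looked up and returned as "checked".
function check_login_and_get_user_vulnerable(int $user_id, string $nonce) {
    $result = verify_login_nonce($user_id, $nonce); // WP_Error on failure, never inspected
    return get_user_by_id($user_id);
}

// Hardened pattern: a failed check is propagated, so the caller never receives
// a user object it did not earn.
function check_login_and_get_user_fixed(int $user_id, string $nonce) {
    $result = verify_login_nonce($user_id, $nonce);
    if (is_wp_error($result)) {
        return $result;
    }
    $user = get_user_by_id($user_id);
    return $user ?? new WP_Error('no_such_user');
}

// Caller modelled on a REST handler that completes the 2FA step: it trusts any
// non-error return and would set the auth cookie for that user in WordPress.
function skip_onboarding(callable $checker, array $request): array {
    $user = $checker((int)($request['user_id'] ?? 0), (string)($request['login_nonce'] ?? ''));
    if (is_wp_error($user)) {
        return ['authenticated' => false, 'error' => $user->code];
    }
    // wp_set_auth_cookie($user['id']) would be called here in WordPress.
    return ['authenticated' => true, 'user' => $user['login'], 'role' => $user['role']];
}

// Constructed request: attacker picks the admin's user_id and a bogus nonce.
$forged = ['user_id' => 1, 'login_nonce' => 'not-a-real-nonce'];

// Vulnerable code authenticates the request as the administrator.
var_export(skip_onboarding('check_login_and_get_user_vulnerable', $forged));
echo PHP_EOL;
// Fixed code rejects it with invalid_login_nonce.
var_export(skip_onboarding('check_login_and_get_user_fixed', $forged));
echo PHP_EOL;
```

The point to check in any similar code is that every function that can return WP_Error has its result passed through is_wp_error() before the value is used, and that the identity the caller acts on comes from the verified result rather than from a request parameter. On a live site, WP-CLI's `wp plugin get really-simple-ssl --field=version` (the free edition's slug) shows the installed version; anything below 9.1.2 should be updated with `wp plugin update really-simple-ssl`.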

The plugin maintainers patched the issue in version 9.1.2 and urged all sites running the plugin to update before public disclosure; site owners should still confirm that the installed version is 9.1.2 or later rather than assume the update was applied. Because the bypass needs no credentials and no site-specific knowledge, it is trivially scripted and could be used in large-scale automated attacks against WordPress sites, which makes it a serious concern for site owners.

This vulnerability follows another critical flaw disclosed in the WPLMS Learning Management System for WordPress, which could allow unauthenticated threat actors to read and delete arbitrary files on the server.

Source: https://thehackernews.com/2024/11/urgent-critical-wordpress-plugin.html