Published on November 18, 2024
Vincent Paquette
François Charron
A major security vulnerability has been discovered in a WordPress plugin. This vulnerability can allow hackers to access the administrator accounts of sites using it. More than 4 million websites around the world are at risk if they do not install the patch.
The security flaw was discovered in the Really Simple Security plugin on WordPress sites.
What is ironic is that it is a plugin focused on security while it allows, among other things, the real-time detection of a site’s vulnerabilities and also allows you to add authentication double factor.
Still, this plugin has a loophole allowing hackers to remotely attack sites that use it. They can then obtain administrator access and take complete control of it.
The vulnerability affects the free and Pro versions of the software, ranging from versions 9.0.0 to 9.1.1.1.
More than 4 million websites use this plugin.
WordFence, which discovered the flaw, doesn’t mince words when mentioning:
This is one of the most serious vulnerabilities we have reported in our 12-year history as a WordPress security provider.
A security patch available
A security patch was quickly deployed via the release 9.1.2 you plugin.
So, if we or our company have a WordPress site and use the famous Really Simple Security plugin, we have every interest in updating it quickly.
Otherwise, we put our entire site at risk, while hackers will be able to take total control of it.
This situation once again reminds us of the importance of always updating!
