WordPress Really Simple Security Plugin Authentication Bypass to RCE (CVE-2024-10924) #19661

Open
wants to merge 5 commits into
base: master

Contributor

@Chocapikk Chocapikk commented Nov 18, 2024

Hello Metasploit Team,

I am submitting a new exploit module for the WordPress Really Simple Security plugin, addressing an authentication bypass vulnerability (CVE-2024-10924). This vulnerability affects versions 9.0.0 to 9.1.1.1 and allows unauthenticated attackers to bypass Two-Factor Authentication (2FA). By exploiting this flaw, an attacker can retrieve the administrator's session cookie directly, enabling full control over the WordPress instance, including the ability to upload and execute arbitrary code.

Summary of the Vulnerability:

  • Vulnerable Software: Really Simple Security plugin
  • Affected Versions: 9.0.0 to 9.1.1.1
  • Patched Version: 9.1.2
  • CVE: CVE-2024-10924
  • Impact: Allows attackers to bypass 2FA and achieve remote code execution (RCE).
  • Pre-requisite: 2FA must be enabled on the WordPress site for the exploit to work.

Verification Steps:

  1. Install WordPress with the vulnerable Really Simple Security plugin (version <= 9.1.1.1).
  2. Activate Two-Factor Authentication in the plugin's settings.
  3. Use the module to exploit the vulnerability by bypassing 2FA and uploading a malicious plugin.

Module Highlights:

  • The check method detects the presence of the vulnerable plugin by analyzing its readme.txt file for three possible slugs:
    • really-simple-ssl
    • really-simple-ssl-pro
    • really-simple-ssl-pro-multisite
  • The exploit bypasses Two-Factor Authentication and uploads a payload as a WordPress plugin.
  • This module supports PHP, Unix/Linux, and Windows targets.

References:

Please let me know if you have any feedback or suggestions!
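
A defender-side counterpart to the check described in this pull request, added here as an example and not part of the submitted module: it audits a local `wp-content/plugins` directory for the three slugs and flags versions in the affected range 9.0.0 to 9.1.1.1. It assumes the version is read from the `Stable tag:` header of each `readme.txt`; the function names and the sample tree are constructed for illustration.

```ruby
require 'rubygems' # Gem::Version compares 4-segment versions such as 9.1.1.1
require 'tmpdir'
require 'fileutils'

# Plugin slugs and affected range as listed in the PR description.
SLUGS = %w[really-simple-ssl really-simple-ssl-pro really-simple-ssl-pro-multisite].freeze
FIRST_AFFECTED = Gem::Version.new('9.0.0')
LAST_AFFECTED  = Gem::Version.new('9.1.1.1')

# Extract the version from the "Stable tag:" header of a readme.txt.
# Returns nil when the header is missing or is not a dotted number (e.g. "trunk").
def stable_tag(readme_text)
  m = readme_text.match(/^\s*Stable tag:\s*(\d+(?:\.\d+)*)\s*$/i)
  m && Gem::Version.new(m[1])
end

def affected?(version)
  version >= FIRST_AFFECTED && version <= LAST_AFFECTED
end

# Audit one plugins directory on disk.
# Returns { slug => :affected | :not_affected | :unknown } for installed slugs only.
def audit_plugins(plugins_dir)
  SLUGS.each_with_object({}) do |slug, report|
    readme = File.join(plugins_dir, slug, 'readme.txt')
    next unless File.file?(readme)
    version = stable_tag(File.read(readme, encoding: 'UTF-8').scrub)
    report[slug] = if version.nil? then :unknown
                   elsif affected?(version) then :affected
                   else :not_affected
                   end
  end
end

# Constructed sample tree: one affected, one patched, one unparseable readme.
def sample_report
  Dir.mktmpdir do |dir|
    { 'really-simple-ssl' => "=== Really Simple Security ===\nStable tag: 9.1.1.1\n",
      'really-simple-ssl-pro' => "Stable tag: 9.1.2\n",
      'really-simple-ssl-pro-multisite' => "Stable tag: trunk\n" }.each do |slug, text|
      FileUtils.mkdir_p(File.join(dir, slug))
      File.write(File.join(dir, slug, 'readme.txt'), text)
    end
    audit_plugins(dir)
  end
end

puts sample_report.inspect if $PROGRAM_NAME == __FILE__
```

An `:unknown` result should be treated as needing manual review, since the readme header can be absent or out of step with the installed plugin code.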

@wvu
Contributor

wvu commented Nov 22, 2024

WordPress Really Simple Security Plugin Authentication Bypass to RCE

@Chocapikk
Contributor Author

WordPress Really Simple Security Plugin Authentication Bypass to RCE

WordPress Not-So-Simple Security Plugin

@696e746c6f6c

WordPress Really Simple Security Plugin Authentication Bypass to RCE

WordPress Not-So-Simple Security Plugin

WordPress So Security Plugin. Cleared debate, closing this as resolved.
