This is not the first time that a large number of websites have been put at risk by a single major flaw. In this case, it is a critical vulnerability in a WordPress plugin, and more than 4 million websites may be affected. It is also important to know that this plugin does not update automatically, as we explain below, so it is essential that you take measures to avoid problems.
Specifically, the problem affects the Really Simple Security plugin. It has been identified as CVE-2024-10924 and has received a score of 9.8 on the CVSS scale, which indicates how dangerous it is. The plugin is widely installed: it is estimated to be present on more than 4 million websites.
Serious vulnerability in a WordPress plugin
Plugins are widely used on WordPress websites. These add-ons can be very useful: some help optimize performance and others increase security. However, if you do not keep them updated, they can become a security problem.
An attacker can exploit this flaw through scripts, which makes it possible to automate large-scale attacks against sites that have this plugin. It affects both the free version and the paid version.
The problem has been detected in versions 9.0.0 through 9.1.1 and has been corrected in version 9.1.2. However, as indicated, the update does not occur automatically, so you should make sure to update the Really Simple Security plugin yourself to keep your site secure.
If someone were to exploit this flaw, they could gain access to any user account, including the administrator account, without authenticating. This can lead to many kinds of fraudulent use, since the attacker can hijack the website and take full control of it.
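To check an installation against the version range given above, the following added example (not code from the plugin or its vendor) reads the `Version:` header from a plugin's main PHP file and classifies it. The file path is supplied by the operator and the sample header is constructed for the demonstration; versions below 9.0.0 are reported as `not-listed` because the article does not cover them.

```shell
#!/bin/sh
# Added example: classify a Really Simple Security version against the
# range stated in the article (9.0.0 through 9.1.1 affected, 9.1.2 fixed).

# Print the first "Version:" value found in a WordPress plugin header.
plugin_version() {
    sed -n 's/^[[:space:]*]*Version:[[:space:]]*\([0-9][0-9.]*\).*$/\1/p' "$1" | head -n 1
}

# Turn "major.minor.patch" into one integer so versions compare numerically.
ver_key() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ${1:-0} * 1000000 + ${2:-0} * 1000 + ${3:-0} ))
}

# Print: vulnerable | fixed | not-listed | unknown
classify() {
    v=$1
    case $v in
        ''|*[!0-9.]*) echo unknown; return 0 ;;   # missing or malformed version
    esac
    k=$(ver_key "$v")
    if [ "$k" -lt "$(ver_key 9.0.0)" ]; then
        echo not-listed          # older than the range the article gives
    elif [ "$k" -le "$(ver_key 9.1.1)" ]; then
        echo vulnerable          # 9.0.0 through 9.1.1: update to 9.1.2 or later
    else
        echo fixed               # 9.1.2 or later
    fi
}

# Report "<file> <version> <status>" for one plugin main file.
audit_file() {
    v=$(plugin_version "$1")
    echo "$1 ${v:-?} $(classify "$v")"
}

# Constructed sample header (not the real plugin file) for a stand-alone run.
sample=$(mktemp)
printf '%s\n' '<?php' '/**' ' * Plugin Name: Really Simple Security' \
    ' * Version: 9.1.1' ' */' > "$sample"
audit_file "$sample"
rm -f "$sample"
```

On a real server, pass the path of the plugin's main PHP file to `audit_file` for each WordPress installation you manage.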
Be careful when browsing
If you do not have a website and simply browse the Internet, it is still essential to be careful with problems of this type. You could come across a malicious website, either one created specifically to attack visitors or one that has previously been compromised and is now insecure. Always make sure to browse HTTPS sites.
Be careful with files that may be downloaded, pop-up windows that appear while browsing, and forms that ask for your personal data and passwords. You could come across a wide variety of scams, even on web pages that, on paper, seem reliable.
Maintaining common sense, keeping everything updated and using a good antivirus will always help you protect yourself on the Internet and avoid problems. If you don’t make mistakes, you will have a lot to gain in maintaining your privacy and security online. This applies regardless of the type of device you use on a daily basis, whether it is a mobile phone, a computer or any other.