- Description
- The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. This is due to improper user check error handling in the two-factor REST API actions with the 'check_login_and_get_user' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, when the "Two-Factor Authentication" setting is enabled (disabled by default).
- Source
- security@wordfence.com
- NVD status
- Modified
- Products
- really_simple_security
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- Hype score
- Not currently trending
I just completed Bypass Really Simple Security room on TryHackMe! Learn how to exploit a WordPress website using CVE-2024-10924 and understand various mitigation techniques. https://t.co/qrdViFgQb3 #tryhackme via @tryhackme
@ToTo13ru_xakep
6 Mar 2026
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-10924 / Auth Bypass (2FA) to RCE Exploit https://t.co/X3OFapq2iE #WordPress #Hacking #BugBounty
@JoshuaProvoste
22 Jan 2026
115 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
I just completed Bypass Really Simple Security room on TryHackMe! Learn how to exploit a WordPress website using CVE-2024-10924 and understand various mitigation techniques. https://t.co/QOqenpSoul #tryhackme via @tryhackme
@Shyam48973Yadav
14 Jan 2026
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Bypass Really Simple Security room on TryHackMe! Learn how to exploit a WordPress website using CVE-2024-10924 and understand various mitigation techniques. https://t.co/rUBeMU7kGl #tryhackme via @tryhackme
@Emon14445
5 Jan 2026
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Day 81 of #100DaysOfCybersecurity🛡️ Completed the Really Simple Security bypass lab 📷✅ Studied CVE-2024-10924, a WordPress REST API flaw that allows 2FA auth bypass and admin access 🔓 Key lesson Poor input validation in security plugins leads to full site compromi
@HezyChacha
2 Jan 2026
61 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
I just completed Bypass Really Simple Security room on TryHackMe. Learn how to exploit a WordPress website using CVE-2024-10924 and understand various mitigation techniques. https://t.co/75dOTLUrDl #tryhackme via @tryhackme
@HezyChacha
2 Jan 2026
63 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
I just completed Bypass Really Simple Security room on TryHackMe. Learn how to exploit a WordPress website using CVE-2024-10924 and understand various mitigation techniques. https://t.co/DYgR8fQOtj #tryhackme via @realtryhackme
@yasirchandio12
1 Oct 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed Bypass Really Simple Security room on TryHackMe. Learn how to exploit a WordPress website using CVE-2024-10924 and understand various mitigation techniques. https://t.co/JImKnXY62c #tryhackme via @realtryhackme
@GuanShanZhe
30 Sept 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
just completed the Bypass Really Simple Security room on @RealTryHackMe understood CVE-2024-10924 how attackers bypass 2FA via crafted API calls, also learned detection via logs & SIEM+patching tips. #TryHackMe #LearnInPublic https://t.co/KAjswUiXKI #tryhackme via @realtryhac
@AakashModi1750_
22 Jun 2025
51 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Just completed this walkthrough on @RealTryHackMe. Learnt about CVE-2024-10924 (again, WordPress related). What exactly is it? 👇 (1/3) https://t.co/6tpvbOvme9
@1ndr4d3v
5 Feb 2025
29 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
🇼🔐 New room Bypass Really Simple Security from @RealTryHackMe : Learn how to exploit a WordPress website using CVE-2024-10924 and understand various mitigation techniques. 🇼🔐 🛡️🔐🛡️ This good practice room with lab for CVE-2024-10924 regarding WordPress Plugin Really Simp
@DjalilAyed
4 Feb 2025
45 Impressions
0 Retweets
2 Likes
0 Bookmarks
1 Reply
0 Quotes
NEW WALKTHROUGH: Bypass Really Simple Security 👀 🔗 https://t.co/5IdTWPacyJ Learn to exploit a WordPress website using the Bypass Simple Security plugin, exploit the CVE-2024-10924 vulnerability, and understand various mitigation techniques. https://t.co/bTIHlSvozo
@tryhackme
4 Feb 2025
4039 Impressions
11 Retweets
95 Likes
16 Bookmarks
2 Replies
0 Quotes
📢 CVE-2024-10924 Bypass 2FA in Really Simple Security (v9.0.0 - 9.1.1.1). Login as admin without creds! 🔥 PoC: 🔗 https://t.co/FX7sMzHYvH #WordPress #Exploit #CyberSecurity #CVE2024 #riyadh
@Nxploited
2 Feb 2025
70 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
🚨 Attention WordPress users! A critical vulnerability (CVE-2024-10924) in the Really Simple Security plugin allows unauthorized access to your site, bypassing two-factor authentication. Update the plugin immediately to stay secure! Learn More: https://t.co/UWfFvkKavD 🚨 Alert…
@KasperskyKSA
23 Dec 2024
221 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-10924: vulnerability on around four million sites https://t.co/KjacodCPpv #Vulnerability #cybersecurity #Web #Bugs #Hackers #Technology #Software #Malicious
@QS2Point
21 Dec 2024
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The WordPress ecosystem just dodged a bullet. CVE-2024-10924, affecting 4M+ sites via the Really Simple Security plugin, could grant attackers admin access. A patch was issued, but is your site updated? Don’t wait, secure your site now! https://t.co/jkklUcJdJx
@Shift6Security
3 Dec 2024
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2024-38063 2 - CVE-2023-50428 3 - CVE-2024-10924 4 - CVE-2024-11477 5 - CVE-2024-44308 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
2 Dec 2024
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#JaideAMafacon: Massive security alert: The CVE-2024-10924 authentication bypass affects 4 million WordPress users worldwide, including several ministry and company sites in Cameroon. Read my full article. https://t.co/NIfawIwBxK
@banzance
2 Dec 2024
117 Impressions
2 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔥NEW VIDEO🔥 We'll look at the exploitation of the recent critical vulnerability in WordPress with the Really Simple Security plugin installed (CVE-2024-10924), which allows bypassing MFA and getting inside a website 😋👇 https://t.co/x7wlKeaqOu
@PinguinoDeMario
27 Nov 2024
2164 Impressions
17 Retweets
59 Likes
21 Bookmarks
2 Replies
0 Quotes
Urgent: Critical WordPress Plugin Vulnerability Exposes Over 4 Million Sites The vulnerability, tracked as CVE-2024-10924, impacts both free and premium versions of the plugin. The software is installed on over 4 million WordPress sites. Read More: https://t.co/FGQQTKgzr0 https:
@pinakinit1
25 Nov 2024
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Your website's security might be at risk! A critical WordPress plugin flaw (CVE-2024-10924) can let attackers log in as admin. The great news? Patches are out! Update now to keep your site protected and secure. #WordPress #CyberSecurity https://t.co/QKruLrlKTG
@sequretek_sqtk
22 Nov 2024
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical Vulnerability Threatening Millions of WordPress Sites! 🚨 The vulnerability tracked as CVE-2024-10924 poses a threat to 4 million WordPress sites. This flaw gives attackers the opportunity to execute code remotely (RCE) on your website; the funny part is that the flaw, on the Dark Web… ht
@AydemirSerhat
21 Nov 2024
47 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
🚨 Security Alert: A critical vulnerability (CVE-2024-10924) in the 'Really Simple Security' plugin for WordPress allows attackers to bypass authentication and gain admin access. Update to version 9.1.2 or later immediately to protect your site! #Cybersecurity #Ostorlab… https:/
@OstorlabSec
21 Nov 2024
57 Impressions
2 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-10924
@transilienceai
21 Nov 2024
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
#KDaily@kaspersky CVE-2024-10924: vulnerability on 4 million sites A vulnerability allowing authentication bypass has been found in a popular plugin for hardening WordPress site security. https://t.co/UieQG0stPt
@kmscom6
20 Nov 2024
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#KDaily@kaspersky CVE-2024-10924: vulnerability on 4 million sites A vulnerability allowing authentication bypass has been found in a popular plugin for hardening WordPress site security. https://t.co/p5ZJZW5Vps
@kmscom3
20 Nov 2024
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
0-click RCE Exploit for CVE-2024-10924 that affects 4 million WP sites 🤪 Secure your site ASAP! #WordPress #BugBounty #BugBountyTips https://t.co/FQom2ThXuO
@JoshuaProvoste
20 Nov 2024
22953 Impressions
57 Retweets
316 Likes
198 Bookmarks
5 Replies
0 Quotes
🚨 A critical vulnerability (CVE-2024-10924) in the Really Simple Security plugin for WordPress exposes over 4 million sites! With a CVSS score of 9.8, it allows attackers to bypass authentication and gain full admin access. Ouch! Stay sharp, and remember: always check for… htt
@mpgone_it
20 Nov 2024
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Security Alert: CVE-2024-10924 🔴 Severity: Critical 🔍 Affected Systems: Really Simple Security Plugin 💡 Risk: Account takeover vulnerability ⚠️ Action Required: Update plugin 💻 Read More: https://t.co/W3SBWwZM1x #CyberSecurity #CVE #Wordpress https://t.co/uOZK2yrFAU
@HostStage
19 Nov 2024
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The #vulnerability, tracked as CVE-2024-10924 (CVSS score: 9.8), impacts both free and premium versions of the plugin. The #software is installed on over 4 million #WordPress sites. https://t.co/CYNv7Yhb03
@BLACKWATCHIRE24
19 Nov 2024
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical flaw in widely used security plugin exposes millions of WordPress sites: the “CVE-2024-10924” vulnerability, identified in the “Really Simple Security” extension, allows remote attackers to gain administrative access to vulnerable pages, when the
@BotDeschamps
19 Nov 2024
33 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
A critical flaw in the Really Simple Security plugin (CVE-2024-10924) impacts 4M+ WordPress sites, allowing attackers full admin access if two-factor authentication is enabled. Update to 9.1.2 immediately to secure your site. #WordPress #CyberSecurity https://t.co/D5yHDnArn0
@Insights_things
19 Nov 2024
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#CybersecurityUpdate: The #WordPress "Really Simple Security" plugin, essential for over 4 million sites, has a serious vulnerability (CVE-2024-10924, CVSS 9.8) that entails significant risks of authentication bypass. The developers have introduced… https:/
@cyber_net_now
19 Nov 2024
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
𝗩𝗶𝘀𝘁𝗲𝗺 𝗦𝗼𝗹𝘂𝘁𝗶𝗼𝗻𝘀, 𝗜𝗻𝗰. - "Enhancing your business securely through innovation and technology." Please be advised that a critical vulnerability (CVE-2024-10924) has been discovered in the Really Simple Security plugin, which could allow attackers to gain admin…
@VistemSolutions
19 Nov 2024
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical WordPress Plugin Vulnerability Exposes Over 4 Million Sites. A critical authentication bypass vulnerability CVE-2024-10924 (CVSS score: 9.8) has been disclosed in the Really Simple Security (formerly Really Simple SSL) plugin for WordPress. https://t.co/KhMhKWwHh4 https:
@riskigy
18 Nov 2024
44 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Warning: Critical vulnerability in the popular @wordpress plugin Really Simple Security. #CVE-2024-10924 CVSS: 9.8. Can lead to attackers logging in as any user on the website - incl. administrators - so #Patch #Patch #Patch. More info: https://t.co/vDa95TK6v0
@CCBalert
18 Nov 2024
253 Impressions
1 Retweet
0 Likes
2 Bookmarks
0 Replies
0 Quotes
A critical security vulnerability (CVE-2024-10924) in the Really Simple SSL plugin affects more than 4 million WordPress sites, allowing attackers to bypass 2FA and gain admin access remotely. Details here: https://t.co/L40H9Z1ojn Patch available, update now!
@CERT_Arabic
18 Nov 2024
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Alert🚨CVE-2024-10924: 'Really Simple Security' plugin authentication bypass vulnerability in WordPress exposes websites to takeover and provides full administrative access. 📊 3.5K+ Services are found on https://t.co/ysWb28BTvF yearly. 🔗Hunter Link: https://t.co/eHG9BFarNv…
@HunterMapping
18 Nov 2024
11789 Impressions
54 Retweets
178 Likes
84 Bookmarks
1 Reply
0 Quotes
WordPress Plugin Vulnerability Exposes 4M+ Websites To Hackers: https://t.co/Xt6CVyasBJ A critical vulnerability (CVE-2024-10924) in the Really Simple Security plugin, affecting over 4 million WordPress sites, allows unauthenticated attackers to bypass two-factor authentication…
@securityRSS
18 Nov 2024
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CRITICAL ALERT for WordPress users! A massive flaw in the Really Simple Security plugin (CVE-2024-10924) exposes more than 4M sites! Exploitable even with 2FA, it allows …👇👇👇 (Continued below) #Cybersécurité #WordPress #FailleSécurité https://t.co/Ttdx
@hackthedevils
18 Nov 2024
19 Impressions
1 Retweet
2 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨Critical flaw in WordPress plugin: more than 4 million sites may have been hijacked (CVE-2024-10924) 〜Cybersecurity weekend news〜 https://t.co/dIdfwai61x #セキュリティ #インテリジェンス #OSINT
@MachinaRecord
18 Nov 2024
81 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-10924 WordPress / Really Simple Security (Free, Pro, and Pro Multisite) 9.0.0 – 9.1.1.1 – Authentication Bypass / POC https://t.co/gHCG7qOlBg
@turne85540
18 Nov 2024
73 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
TheHackersNews: A critical #vulnerability (CVE-2024-10924) in the Really Simple SSL plugin affects 4 Million+ #WordPress sites, allowing attackers to bypass 2FA and gain admin access remotely. Details here: https://t.co/IkURWHaxyb Patch available—update now!
@jvquantum
18 Nov 2024
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A critical #vulnerability (CVE-2024-10924) in the Really Simple SSL plugin affects 4 Million+ #WordPress sites, allowing attackers to bypass 2FA and gain admin access remotely. Details here: https://t.co/tkk0imUeKm Patch available—update now!
@TheHackersNews
18 Nov 2024
42908 Impressions
62 Retweets
117 Likes
33 Bookmarks
3 Replies
7 Quotes
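A vulnerability (CVE-2024-10924) has been found in Really Simple Security, a security plugin for WordPress, and attackers can reportedly abuse administrator privileges with ease. I expect another surge in defaced sites. https://t.co/S12oS7LMFi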
@x64koichi
18 Nov 2024
3275 Impressions
10 Retweets
43 Likes
13 Bookmarks
1 Reply
1 Quote
A vulnerability with the identifier CVE-2024-10924 has recently been published for the well-known WordPress plugin Really Simple Security, putting 4 million WordPress websites worldwide at risk of being hacked. Versions 9.0.0 to 9.1.1.1 of this plugin have this vulnerability. https://t.co/Poz3aKY03t
@AmirHossein_sec
17 Nov 2024
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#WordPress Over 4mln WordPress websites were impacted by a critical 'Really Simple Security' plugin authentication bypass vulnerability CVE-2024-10924 (CVSS score 9.8) exposing websites to takeover and providing full administrative access: 👇 https://t.co/EX9Wdwveir https://t.co
@securestep9
16 Nov 2024
68 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
Critical security vulnerability CVE-2024-10924 in WordPress Really Simple Security plugin affects 4M+ websites. Patch available in version 9.1.2. More details here: https://t.co/AhVs5SuVMF #WordPress #ReallySimpleSecurity #Vulnerability
@CandidTodayTech
15 Nov 2024
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-10924 The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. This is due to i… https://t.co/q4lohITdci
@CVEnew
15 Nov 2024
513 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-10924 (CVSS 9.8): Authentication Bypass in Really Simple Security Plugin Affects 4 Million Sites https://t.co/OlvSLmOPpl
@Dinosn
15 Nov 2024
2473 Impressions
11 Retweets
18 Likes
3 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:really-simple-plugins:really_simple_security:*:*:*:*:-:wordpress:*:*",
            "matchCriteriaId": "2BD11D73-4867-4592-BFCE-16777EFCB18A",
            "versionEndExcluding": "9.1.2",
            "versionStartIncluding": "9.0.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:really-simple-plugins:really_simple_security:*:*:*:*:pro:wordpress:*:*",
            "matchCriteriaId": "47BB227E-A208-49DE-8FC8-F62EC99D7818",
            "versionEndExcluding": "9.1.2",
            "versionStartIncluding": "9.0.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:really-simple-plugins:really_simple_security:*:*:*:*:pro_multisite:wordpress:*:*",
            "matchCriteriaId": "9FAA4AD2-27FA-4DEA-BDB2-DE61EE6A0A7F",
            "versionEndExcluding": "9.1.2",
            "versionStartIncluding": "9.0.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]