Share
## https://sploitus.com/exploit?id=C57DE2BF-932F-5D45-AFAC-A2AF6261BCFC
# wordpress-really-simple-security-authn-bypass-exploit

This is a Python3 program that exploits Really Simple Security < 9.1.2 authentication bypass vulnerability (CVE-2024-10924).

## DISCLAIMER

**This tool is intended for security engineers and appsec people for security assessments. Please use this tool responsibly. I do not take responsibility for the way in which any one uses this application. I am NOT responsible for any damages caused or any crimes committed by using this tool.**

## Vulnerability info

* **CVE-ID**: CVE-2024-10924
* **Link**: [https://vulners.com/cve/CVE-2024-10924](https://vulners.com/cve/CVE-2024-10924)
* **Description**: This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, when the "*Two-Factor Authentication*" setting is enabled (disabled by default).
* **Fix:** [https://plugins.trac.wordpress.org/changeset/3188431/really-simple-ssl](https://plugins.trac.wordpress.org/changeset/3188431/really-simple-ssl)
* **Wordfence bulletin:** [https://www.wordfence.com/threat-intel/vulnerabilities/detail/really-simple-security-free-pro-and-pro-multisite-900-9111-authentication-bypass](https://www.wordfence.com/threat-intel/vulnerabilities/detail/really-simple-security-free-pro-and-pro-multisite-900-9111-authentication-bypass)

## Help

```
$ ./exploit.py --help
usage: exploit.py [-h] -t TARGET [-uid USER_ID] [-v]

Exploit for Really Simple Security < 9.1.2 authentication bypass vulnerability (CVE-2024-10924). - v1.0 (2024-11-19)

options:
  -h, --help            show this help message and exit
  -t TARGET, --target TARGET
                        URL of the target WordPress
  -uid USER_ID, --user-id USER_ID
                        Victim user ID (1 is usually the admin).
  -v, --verbose         verbose mode
```

## Examples

```
./exploit.py -t http://localhost:1337
```

```
./exploit.py -t http://localhost:1337 -uid 1 -v
```

## Vulnerable application

A vulnerable application can be setup using [this repository](https://github.com/m3ssap0/wordpress-really-simple-security-authn-bypass-vulnerable-application).

## Authors

* **Antonio Francesco Sardella** - *implementation* - [m3ssap0](https://github.com/m3ssap0)

## License

See the [LICENSE](LICENSE) file for details.

## Acknowledgments

* [**István Márton**](https://www.wordfence.com/threat-intel/vulnerabilities/detail/really-simple-security-free-pro-and-pro-multisite-900-9111-authentication-bypass), the security researcher who discovered the vulnerability.