## https://sploitus.com/exploit?id=C57DE2BF-932F-5D45-AFAC-A2AF6261BCFC
# wordpress-really-simple-security-authn-bypass-exploit
This is a Python3 program that exploits Really Simple Security < 9.1.2 authentication bypass vulnerability (CVE-2024-10924).
## DISCLAIMER
**This tool is intended for security engineers and appsec people for security assessments. Please use this tool responsibly. I do not take responsibility for the way in which any one uses this application. I am NOT responsible for any damages caused or any crimes committed by using this tool.**
## Vulnerability info
* **CVE-ID**: CVE-2024-10924
* **Link**: [https://vulners.com/cve/CVE-2024-10924](https://vulners.com/cve/CVE-2024-10924)
* **Description**: This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, when the "*Two-Factor Authentication*" setting is enabled (disabled by default).
* **Fix:** [https://plugins.trac.wordpress.org/changeset/3188431/really-simple-ssl](https://plugins.trac.wordpress.org/changeset/3188431/really-simple-ssl)
* **Wordfence bulletin:** [https://www.wordfence.com/threat-intel/vulnerabilities/detail/really-simple-security-free-pro-and-pro-multisite-900-9111-authentication-bypass](https://www.wordfence.com/threat-intel/vulnerabilities/detail/really-simple-security-free-pro-and-pro-multisite-900-9111-authentication-bypass)
## Help
```
$ ./exploit.py --help
usage: exploit.py [-h] -t TARGET [-uid USER_ID] [-v]
Exploit for Really Simple Security < 9.1.2 authentication bypass vulnerability (CVE-2024-10924). - v1.0 (2024-11-19)
options:
-h, --help show this help message and exit
-t TARGET, --target TARGET
URL of the target WordPress
-uid USER_ID, --user-id USER_ID
Victim user ID (1 is usually the admin).
-v, --verbose verbose mode
```
## Examples
```
./exploit.py -t http://localhost:1337
```
```
./exploit.py -t http://localhost:1337 -uid 1 -v
```
## Vulnerable application
A vulnerable application can be setup using [this repository](https://github.com/m3ssap0/wordpress-really-simple-security-authn-bypass-vulnerable-application).
## Authors
* **Antonio Francesco Sardella** - *implementation* - [m3ssap0](https://github.com/m3ssap0)
## License
See the [LICENSE](LICENSE) file for details.
## Acknowledgments
* [**István Márton**](https://www.wordfence.com/threat-intel/vulnerabilities/detail/really-simple-security-free-pro-and-pro-multisite-900-9111-authentication-bypass), the security researcher who discovered the vulnerability.