Vulnerabilities and security researches forreally-simple-ssl really-simple-ssl

Jun 07, 2024

CVE, Research URL: CVE-2024-31229
Home page URL: Security reports for Really Simple SSL
Application: Really Simple SSL
Date: Apr 18, 2024
Research Description: Server-Side Request Forgery (SSRF) vulnerability in Really Simple Plugins Really Simple SSL.This issue affects Really Simple SSL: from n/a through 7.2.3.
Affected versions: max 8.0.0.
Status: vulnerable

Nov 15, 2024

CVE, Research URL: CVE-2024-10924
Home page URL: Security reports for Really Simple SSL
Application: Really Simple SSL
Date: Nov 15, 2024
Research Description: The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. This is due to improper user check error handling in the two-factor REST API actions with the 'check_login_and_get_user' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, when the "Two-Factor Authentication" setting is enabled (disabled by default).
Affected versions: Min 9.0.0, max 9.1.1.1.
Status: vulnerable

Jan 25, 2025

CVE, Research URL: CVE-2025-24623
Home page URL: Security reports for Really Simple SSL
Application: Really Simple SSL
Date: Jan 24, 2025
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Security Really Simple SSL allows Cross Site Request Forgery. This issue affects Really Simple SSL: from n/a through 9.1.4.
Affected versions: max 9.2.0.
Status: vulnerable

Mar 29, 2026

CVE, Research URL: CVE-2026-32461
Home page URL: Security reports for Really Simple SSL
Application: Really Simple SSL
Date: Mar 14, 2026
Research Description: Missing Authorization vulnerability in Really Simple Plugins Really Simple SSL really-simple-ssl allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Really Simple SSL: from n/a through <= 9.5.7.
Affected versions: max 9.5.7.
Status: vulnerable

May 01, 2026

PSC, Research URL: PSC-2026-64653
Home page URL: Security reports for Really Simple SSL
Application: Really Simple SSL
Date: May 01, 2026
Research Description: Security and SSL enforcement plugins operate across some of the most sensitive trust boundaries in WordPress because they can influence HTTPS migration, redirect behavior, security headers, login protection, two-factor authentication, vulnerability detection, and site hardening controls. Weaknesses in this class of plugin can affect confidentiality, session safety, authentication integrity, administrative access control, or the reliability of security configuration across the entire site. Really Simple Security – Simple and Performant Security (formerly Really Simple SSL) version 9.5.10.1 has successfully completed the CleanTalk Plugin Security Certification process and received PSC-2026-64653, confirming that the plugin was reviewed from a secure code perspective with attention to the most common exploitation paths for SSL, hardening, login protection, vulnerability monitoring, and WordPress security plugins.
Affected versions: Min 9.5.10.1, max 9.5.10.1.
Status: SAFE & CERTIFIED