cleantalk
Vulnerabilities and Security Researches

Really Simple SSL, CVE-2026-8293

CVE, Research URL

CVE-2026-8293

Home page URL

Security reports for Really Simple SSL

Application

Really Simple SSL

Published on
Jun 02, 2026
Research Description
The Really Simple Security WordPress plugin before 9.5.10.1 does not enforce the second-factor challenge in two of its two-factor authentication REST endpoints, allowing an attacker who knows a user's password to obtain a WordPress authentication session for that user without completing the email OTP challenge.
Affected versions
max 9.5.10.1.
Status
vulnerable
Previous vulnerability researches
Really Simple SSL (CVE-2024-31229) , Jun 07, 2024
Really Simple SSL (CVE-2024-10924) , Nov 15, 2024
Really Simple SSL , May 01, 2026
Really Simple SSL (CVE-2026-32461) , Mar 29, 2026
Really Simple SSL (CVE-2025-24623) , Jan 25, 2025
New vulnerability
EmergencyWP – Dead Man's switch & legacy deliverance (CVE-2026-9732) , Jun 04, 2026
Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin (CVE-2026-45441) , Jun 04, 2026
Job Manager and Recruitment Board for Employers and Candidates – Crew HRM (CVE-2026-27351) , Jun 04, 2026
CloudSecure WP Security (CVE-2026-42411) , Jun 04, 2026
AI Engine (CVE-2026-27407) , Jun 04, 2026