Skip to main content

Really Simple Ssl

3 CVEs product

Monthly

CVE-2026-48970 HIGH This Week

Authentication bypass in the Really Simple SSL WordPress plugin versions 9.5.10 and earlier allows remote attackers to circumvent identity verification controls (CWE-288), potentially gaining unauthorized access to WordPress sites that rely on the plugin's two-factor or login security features. The flaw was disclosed via Patchstack and carries a CVSS 3.1 base score of 8.1 driven by high impact on confidentiality, integrity, and availability, though high attack complexity (AC:H) suggests non-trivial preconditions. No public exploit identified at time of analysis and EPSS data was not supplied.

Information Disclosure Really Simple Ssl
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2026-48969 MEDIUM This Month

Broken access control in the Really Simple SSL WordPress plugin versions 9.5.9 and earlier permits any authenticated subscriber - the lowest default WordPress user role - to perform privileged actions that should be restricted to administrators. The CVSS vector (PR:L/I:H) confirms that low-privilege authenticated users can achieve high-integrity impact, likely by manipulating SSL redirect rules or plugin security settings without authorization. No public exploit has been identified at time of analysis, but the network-accessible, low-complexity nature of the flaw makes it trivially exploitable by any user who can obtain a subscriber account on an affected installation.

Authentication Bypass Really Simple Ssl
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-32461 MEDIUM This Month

Really Simple SSL versions 9.5.7 and earlier contain an authorization bypass flaw that allows unauthenticated remote attackers to modify security settings through improper access control mechanisms. The vulnerability has a medium severity rating with a CVSS score of 5.3 and currently lacks a publicly available patch. Organizations using affected versions should review their SSL security configurations and consider upgrading when patches become available.

Authentication Bypass Really Simple Ssl
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
EPSS 0% CVSS 8.1
HIGH This Week

Authentication bypass in the Really Simple SSL WordPress plugin versions 9.5.10 and earlier allows remote attackers to circumvent identity verification controls (CWE-288), potentially gaining unauthorized access to WordPress sites that rely on the plugin's two-factor or login security features. The flaw was disclosed via Patchstack and carries a CVSS 3.1 base score of 8.1 driven by high impact on confidentiality, integrity, and availability, though high attack complexity (AC:H) suggests non-trivial preconditions. No public exploit identified at time of analysis and EPSS data was not supplied.

Information Disclosure Really Simple Ssl
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Broken access control in the Really Simple SSL WordPress plugin versions 9.5.9 and earlier permits any authenticated subscriber - the lowest default WordPress user role - to perform privileged actions that should be restricted to administrators. The CVSS vector (PR:L/I:H) confirms that low-privilege authenticated users can achieve high-integrity impact, likely by manipulating SSL redirect rules or plugin security settings without authorization. No public exploit has been identified at time of analysis, but the network-accessible, low-complexity nature of the flaw makes it trivially exploitable by any user who can obtain a subscriber account on an affected installation.

Authentication Bypass Really Simple Ssl
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Really Simple SSL versions 9.5.7 and earlier contain an authorization bypass flaw that allows unauthenticated remote attackers to modify security settings through improper access control mechanisms. The vulnerability has a medium severity rating with a CVSS score of 5.3 and currently lacks a publicly available patch. Organizations using affected versions should review their SSL security configurations and consider upgrading when patches become available.

Authentication Bypass Really Simple Ssl
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy