CVE-2024-10924 Explained: Security Plugin Flaw in Millions of WordPress Sites

By Nethanel Gelernter, Co-Founder and CTO | Published: November 19, 2024

Summary: What is CVE-2024-10924?

A critical authentication bypass vulnerability (CVE-2024-10924) was discovered in the WordPress plugin Really Simple Security (formerly Really Simple SSL), affecting both free and Pro versions (9.0.0 to 9.1.1.1) when the "Two-Factor Authentication" setting is enabled. This flaw allows unauthenticated attackers to log in as any user, including administrators, due to improper error handling in the two-factor REST API's check_login_and_get_user function.

  • Discovered by: István Márton (Wordfence), November 6, 2024
  • Impact: Remote attackers can gain full admin control of affected sites
  • Scale: Over 4 million active installations potentially affected
  • Exploitability: Vulnerable at scale via automated scripts
  • Severity: Described by Wordfence as one of the most severe flaws in its 12-year history

Wordfence recommends hosting providers force-update the plugin and scan databases to ensure no vulnerable versions remain.

References: Bleeping Computer, NIST NVD

About the Really Simple Security Plugin

This popular WordPress security plugin provides SSL configuration, login protection, two-factor authentication (2FA), and real-time vulnerability scanning. The free version is installed on over 4 million websites.

Are You Impacted?

  • The vulnerability is present when 2FA is enabled (disabled by default).
  • All users of versions 9.0.0 to 9.1.1.1 should update immediately.
  • IONIX customers: Updated threat intelligence is available in the IONIX Threat Center.

How IONIX Solves This Problem

  • Complete Attack Surface Visibility: IONIX automatically discovers all internet-facing assets, including WordPress sites and plugins, ensuring no shadow IT or unauthorized assets are missed.
  • Continuous Vulnerability Monitoring: IONIX tracks emerging CVEs (like CVE-2024-10924) and correlates them with your asset inventory, alerting you to exposures in real time.
  • Risk Prioritization: Our ML-based Connective Intelligence prioritizes vulnerabilities by severity and context, so you can focus on the most critical issues first.
  • Streamlined Remediation: IONIX integrates with Jira, ServiceNow, and SOAR platforms to automate ticketing and remediation workflows, reducing mean time to resolution (MTTR).
  • Customer Success Example: E.ON used IONIX to continuously discover and inventory their internet-facing assets, improving risk management and reducing exposure to plugin vulnerabilities.

Competitive Advantage: Unlike traditional vulnerability scanners, IONIX provides attacker-perspective validation, ensuring you see what real-world attackers see—helping you stay ahead of threats like CVE-2024-10924.

Frequently Asked Questions

How does IONIX help detect and mitigate plugin vulnerabilities like CVE-2024-10924?

IONIX continuously scans your external attack surface, including WordPress plugins, and cross-references them with the latest CVEs. When a vulnerability like CVE-2024-10924 is detected, IONIX alerts your team and provides prioritized remediation steps, integrating with your existing ITSM and SOAR tools for rapid response.

What makes IONIX different from other vulnerability management solutions?

IONIX uses ML-based Connective Intelligence to discover more assets and reduce false positives. Our platform validates exposures from an attacker's perspective, prioritizes risks by business context, and automates remediation workflows—delivering faster, more accurate protection than traditional tools.

How quickly can IONIX be deployed to protect my WordPress sites?

IONIX can be deployed in about a week, requiring minimal resources. Customers benefit from onboarding guides, tutorials, and a dedicated support team to ensure rapid time-to-value.

What compliance standards does IONIX support?

IONIX is SOC2 compliant and supports NIS-2 and DORA compliance, helping organizations meet regulatory requirements for vulnerability management and external exposure monitoring.

Where can I find more technical documentation or case studies?

Visit our Resources page for datasheets, guides, and customer success stories.

See IONIX in Action

Discover how IONIX can help you find and fix plugin vulnerabilities fast. Watch a short demo or book a personalized session.

Go back to All Blog posts

CVE-2024-10924 Explained: Security plugin flaw in millions of WordPress sites

Nethanel Gelernter
Nethanel Gelernter Co-Founder and CTO LinkedIn
November 19, 2024
Security alert: Zero-day vulnerability update for CVE-2024-10924 affecting millions of WordPress sites due to a security plugin flaw.

IONIX Tracks CVE-2024-10924 Security plugin flaw in millions of WordPress sites: This post is based on ongoing security research – and will continue to be updated as we get additional information…

What is CVE-2024-10924?

A critical authentication bypass vulnerability has been identified in the WordPress plugin Really Simple Security (formerly known as Really Simple SSL), affecting both its free and Pro versions.

Acording to an article in Bleeping Computer, the vulnerability, tracked as CVE-2024-10924, was discovered by Wordfence researcher István Márton on November 6, 2024. Ironically, it stems from an issue with the two-factor authentication mechanism, which, instead of enhancing security, has inadvertently created a critical weakness.

The Really Simple Security (Free, Pro, and Pro Multisite) plugin for WordPress is vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1 when the “Two-Factor Authentication” setting is enabled.
This is due to improper user check error handling in the two-factor REST API actions with the ‘check_login_and_get_user’ function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, even an administrator.

To exacerbate the situation, the flaw is exploitable at scale using automated scripts, raising the possibility of widespread website takeover campaigns. Wordfence, the security company that publicly disclosed the vulnerability, described it as one of the most severe flaws in its 12-year history. The vulnerability enables remote attackers to gain full administrative control of affected websites.

Given the gravity of the issue, Wordfence has recommended that hosting providers force-update the plugin on their customers’ sites and conduct database scans to ensure no vulnerable versions remain in use.

What is the Really Simple Security plugin for WordPress?

The Really Simple Security (Free, Pro, and Pro Multisite) is a popular security plugin designed for WordPress, offering features such as SSL configuration, login protection, two-factor authentication (2FA), and real-time vulnerability scanning. The plugin’s free version is actively installed on over four million websites.

Am I impacted by CVE-2024-10924?

The RSS plugin is vulnerable to authentication bypass when the “Two-Factor Authentication” setting is enabled. Note that by default 2FA is disabled for the plugin. Still, we recommend updating the plugin versions 9.0.0 to 9.1.1.1 immediately.

IONIX customers will see updated information in the threat center of the IONIX portal.

References

Bleeping Computer article
NIST article

WATCH A SHORT IONIX DEMO

See how easy it is to implement a CTEM program with IONIX. Find and fix exploits fast.

THE LATEST FROM IONIX

Marc Gaffan
August 11, 2025
Why Gartner Declared EASM Obsolete Before it Became Mainstream 
Learn more
Tal Zamir
August 7, 2025
CVE‑2025‑54253 & CVE‑2025‑54254 in Adobe Experience Manager Forms – What You Must Know
Learn more
Tal Zamir
August 5, 2025
Remote DNS Manipulation at Scale: How IONIX Uncovered 20,000 Malicious Subdomains from a Single Abused NS Record 
Learn more