Skip to content

Trackflaw/CVE-2024-10924-Wordpress-Docker

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
scripts
scripts
 
 
wordpress
wordpress
 
 
Dockerfile
Dockerfile
 
 
README.md
README.md
 
 
docker-compose.yml
docker-compose.yml
 
 
exploit-wordpress.mp4
exploit-wordpress.mp4
 
 

Repository files navigation

CVE-2024-10924 : Wordpress Really Simple Security authentication bypass flaw in Docker

Description

The Really Simple Security plugins (Free, Pro, and Pro Multisite) for WordPress, versions 9.0.0 to 9.1.1.1, are affected by an authentication bypass vulnerability.

This issue arises from improper error handling in the check_login_and_get_user function used in two-factor REST API actions.

As a result, unauthenticated attackers can potentially log in as any existing user, including administrators, if the "Two-Factor Authentication" feature is enabled (disabled by default).

Vulnerable docker

git clone git@github.com:Trackflaw/CVE-2024-10924-Wordpress-Docker.git
cd CVE-2024-10924-Wordpress-Docker
docker compose up --build

Video

exploit-wordpress.mp4

About

Vulnerable docker container for Really Simple Security (Free, Pro, and Pro Multisite) 9.0.0 – 9.1.1.1 – Authentication Bypass CVE-2023-50164

Resources

Readme
Activity

Stars

3 stars

Watchers

1 watching

Forks

5 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages