What the vulnerability does
01Description
Subscriber Broken Access Control in Really Simple SSL <= 9.5.9 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
What the vulnerability does
Subscriber Broken Access Control in Really Simple SSL <= 9.5.9 versions.
Explanation of Vulnerability in Simple Terms
Really Simple SSL versions up to 9.5.9 lack proper authorization checks, allowing authenticated users with low privileges to modify site settings they should not have access to. An attacker with a basic user account can change SSL configuration and other critical settings without proper permission validation. Update to a version newer than 9.5.9 to resolve this issue.
What an attacker can do
Modify SSL and site settings without proper authorization as a low-privilege authenticated user.
Potential impact on your site
Unauthorized users can alter SSL configuration and other protected settings, potentially exposing the site to security misconfigurations.
Conditions required to exploit
Attacker must have a valid low-privilege user account on the WordPress site.
Key dates
External resources
Related vulnerabilities