CVE-2026-48970 HIGH

CVE-2026-48970: WordPress Really Simple SSL plugin <= 9.5.10 - Broken Authentication vulnerability

Vendor Really Simple Plugins

Product Really Simple SSL

Weakness CWE-288

Published June 15, 2026

Last update June 16, 2026

CVSS base score

8.1/10

Attack vector Network

Attack complexity High

Privileges required None

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

Description

Unauthenticated Broken Authentication in Really Simple SSL <= 9.5.10 versions.

Key dates

June 15, 2026 CVE published

June 16, 2026 Record updated

CVE CVE-2026-48970

CWE CWE-288

CVSS 8.1 / HIGH

Vendor Really Simple Plugins

Product Really Simple SSL

Affected ≥ n/a and ≤ 9.5.10