CVE-2024-10924
CVE-2024-10924 is a vulnerability in the Really Simple Security WordPress plugin, affecting versions 9.0.0 to 9.1.1.1. The flaw enables attackers to bypass authentication, potentially gaining admin access to sites if the plugin’s two-factor authentication is enabled.
What is Really Simple Security
The Really Simple Security plugin, formerly known as “Really Simple SSL,” is a popular WordPress plugin used to enhance website security. Its primary features include enabling SSL (Secure Sockets Layer) on WordPress sites to ensure secure connections, providing additional security options such as two-factor authentication, and implementing measures to harden a site’s defenses against attacks.
I tried to replicate the CVE in my local environment, and here is the detailed information about the issues I faced while setting up the environment.
The initial setup was done on my local Ubuntu machine to replicate the CVE using the Docker configuration file. A fresh WordPress and SQL database were installed. When I tried to download the vulnerable plugin and install it from the GUI, I faced multiple issues, like:
- Plugin directory didn't have enough permissions
- Size restriction on the plugin upload
- Outgoing email restriction
From the following image we can see that the plugin upload failed due to the permission issue, which can be fixed by providing the necessary permissions to the hosting folder.
Even after that, I wasn't able to upload the plugin due to the size restriction on plugin uploads. It can be modified using a custom php.ini file.
To fully utilize the features of the Really Simple SSL plugin and replicate the vulnerability, we need to have an active outgoing email feature enabled on the server. To resolve this, and for future usage, I migrated the setup from my local machine to a DigitalOcean instance.
To use the email feature, we can use the WP-SMTP plugin service. To configure Gmail, we need to get the OAuth secrets and IDs from Google Workspace. Once all of these were configured, we were ready to recreate the CVE vulnerability.
After setting up the environment on DigitalOcean, I faced a 404 error because permalinks were not enabled properly in the WordPress installation. After fixing that issue, we got a 500 Internal Server Error.