WordPress Really Simple SSL Plugin Authentication Bypass to RCE
Title source: metasploit
Exploitation Summary
CVE-2024-10924 has been observed exploited in the wild (reported by VulnCheck KEV).
EIP tracks 25 public exploits from researchers including Antonio Francesco Sardella, m3ssap0, and JoshuaProvoste, among them a Metasploit module, exploits/multi/http/wp_reallysimplessl_2fa_bypass_rce.
A Nuclei detection template is also available.
AI-analyzed exploit summary: This Python script exploits an authentication bypass vulnerability in Really Simple Security (CVE-2024-10924) by sending a crafted POST request to the `/reallysimplessl/v1/two_fa/skip_onboarding` endpoint, allowing unauthenticated attackers to log in as any user when Two-Factor Authentication is enabled.
Description
The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. This is due to improper user check error handling in the two-factor REST API actions with the 'check_login_and_get_user' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, when the "Two-Factor Authentication" setting is enabled (disabled by default).
Exploits (25)
This Python script exploits an authentication bypass vulnerability in Really Simple Security (CVE-2024-10924) by sending a crafted POST request to the `/reallysimplessl/v1/two_fa/skip_onboarding` endpoint, allowing unauthenticated attackers to log in as any user when Two-Factor Authentication is enabled.
This repository contains a functional Python exploit for CVE-2024-10924, an authentication bypass vulnerability in Really Simple Security WordPress plugin versions < 9.1.2. The exploit sends a crafted POST request to bypass two-factor authentication and obtain a valid session cookie for any user ID.
This repository contains a functional exploit for CVE-2024-10924, demonstrating a 0-click RCE vulnerability in WordPress sites. The exploit bypasses authentication and 2FA, uploads a malicious plugin, and establishes an interactive shell.
This repository provides a detailed technical analysis of CVE-2024-10924, an authentication bypass vulnerability in Really Simple Security < 9.1.2. It includes a vulnerable Docker environment for testing and a root cause analysis of the flawed `check_login_and_get_user()` function.
This PoC demonstrates an authentication bypass vulnerability in the Really Simple Security WordPress plugin by exploiting a flawed MFA implementation. It captures a Set-Cookie header via a crafted request to skip MFA onboarding and uses it to authenticate as an admin.
The repository contains a functional proof-of-concept for an authentication bypass vulnerability in Really Simple Security WordPress plugin versions 9.0.0 to 9.1.1.1. The exploit leverages improper user check error handling in the two-factor REST API actions, allowing unauthenticated attackers to log in as any existing user.
This repository contains a functional exploit for CVE-2024-10924, which bypasses MFA in WordPress by exploiting a vulnerability in the Really Simple SSL plugin's two-factor authentication endpoint. The exploit automates the process of obtaining a session cookie and logging into the WordPress admin panel.
This repository provides a Dockerized WordPress environment with the vulnerable Really Simple SSL plugin (version 9.1.1.1) to demonstrate CVE-2024-10924, an authentication bypass flaw in the Two-Factor Authentication feature. The setup includes a pre-configured WordPress instance with the vulnerable plugin installed, allowing for testing of the exploit.
This repository contains a detailed technical writeup of CVE-2024-10924, a critical 2FA bypass vulnerability in the Really Simple SSL WordPress plugin. It includes reconnaissance steps, vulnerability analysis, and exploitation methodology but does not provide functional exploit code.
This repository contains a functional Python exploit for CVE-2024-10924, which bypasses two-factor authentication (2FA) in the Really Simple SSL WordPress plugin by sending a crafted request to the vulnerable REST API endpoint.
This repository contains a functional exploit for CVE-2024-10924, an authentication bypass vulnerability in the Really Simple Security WordPress plugin (versions 9.0.0 - 9.1.1.1). The exploit sends a crafted POST request to bypass 2FA and extracts session cookies to gain administrative access.
This repository contains a functional exploit for CVE-2024-10924, an authentication bypass vulnerability in the Really Simple Security WordPress plugin. It includes a Dockerized vulnerable environment, a Python exploit script, and mitigation steps.
The repository contains functional exploit code for CVE-2024-10924, targeting a WordPress plugin (3DPrint Lite 1.9.1.4) with an arbitrary file upload vulnerability. The Python script demonstrates the ability to upload a malicious file to a vulnerable target.
The repository contains a functional exploit for CVE-2024-10924, targeting a vulnerability in Really Simple SSL plugin for WordPress. The exploit bypasses two-factor authentication by sending a crafted POST request to skip onboarding, potentially allowing unauthorized access.
The repository contains a functional exploit for CVE-2024-10924, an authentication bypass vulnerability in the Really Simple SSL WordPress plugin. The exploit sends a crafted JSON payload to bypass two-factor authentication and retrieves session cookies for unauthorized access.
The repository contains a functional Python exploit for CVE-2024-10924, an authentication bypass vulnerability in the WordPress Really Simple Security plugin. The exploit sends a crafted POST request to bypass authentication and retrieve session cookies for a specified user ID.
The repository contains a functional Python exploit for CVE-2024-10924, which bypasses 2FA onboarding in the WordPress Really Simple SSL plugin by sending a crafted POST request to the vulnerable `/reallysimplessl/v1/two_fa/skip_onboarding` endpoint. The exploit retrieves authentication cookies that can be used to gain admin access.
The repository contains a functional Python script that exploits CVE-2024-10924, an authentication bypass vulnerability in the WordPress Really Simple Security plugin. The exploit sends a crafted POST request to bypass 2FA and retrieve session cookies for any user ID.
This repository provides a Docker-based environment to demonstrate CVE-2024-10924, an authentication bypass vulnerability in the Really Simple Security WordPress plugin. It includes a pre-configured WordPress instance with the vulnerable plugin installed, allowing for testing of the exploit.
This PoC demonstrates an authentication bypass in the Really Simple Security WordPress plugin (CVE-2024-10924) by exploiting a flawed MFA implementation. It sends a crafted request to skip MFA onboarding, captures a session cookie, and uses it to authenticate as an admin user.
The repository contains a functional exploit for CVE-2024-10924, an authentication bypass vulnerability in the Really Simple Plugins WordPress plugin (versions 9.0.0 to 9.1.1.1). The exploit leverages a flaw in the REST API's error handling to bypass Two-Factor Authentication (2FA) and take control of a user account.
The repository contains a functional Python script that exploits CVE-2024-10924 by sending a crafted POST request to a WordPress endpoint to bypass authentication. The script targets the Really Simple SSL plugin's two-factor authentication onboarding process.
This Metasploit module exploits an authentication bypass vulnerability in the WordPress Really Simple SSL plugin (versions 9.0.0 to 9.1.1.1) to bypass 2FA and upload a malicious plugin for remote code execution (RCE). It requires 2FA to be enabled on the target site.
Nuclei Templates (1)
html:"/wp-content/plugins/really-simple-ssl"
body="/wp-content/plugins/really-simple-ssl"
References (7)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H