CVE-2026-48969

MEDIUM EXPLOITED

WordPress Really Simple SSL plugin <= 9.5.9 - Broken Access Control vulnerability

Title source: cna

CVE-2026-48969 has been observed exploited in the wild (reported by VulnCheck KEV).

Subscriber Broken Access Control in Really Simple SSL <= 9.5.9 versions.

Core 1

Core References

Vdb Entry vdb-entry

CVSS v3 6.5

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

VulnCheck KEV 2026-06-15

CWE

CWE-862

Status published

Products (1)

Really Simple Plugins B.V./Really Simple SSL < 9.5.9

Published Jun 15, 2026

Tracked Since Jun 15, 2026