wordfence / plugin · really-simple-ssl
Really Simple Security – Simple and Performant Security (formerly Really Simple SSL)
really-simple-ssl
total installs: 3,000,000
total vulns: 2
critical: 0
high: 0
medium: 2
low: 0
latest vuln: —
patched: 2
unpatched: 0
avg time to patch: —
vulnerabilities (2)
Really Simple Security – Simple and Performant Security (formerly Really Simple SSL) <= 9.5.7 - Missing Authorization
medium · ✓ patched
The Really Simple Security – Simple and Performant Security (formerly Really Simple SSL) plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 9.5.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action.
Really Simple SSL <= 9.1.4 - Cross-Site Request Forgery
medium · ✓ patched
cve id: CVE-2025-24623
cvss score: 4.3
cwe: CWE-352: Cross-Site Request Forgery (CSRF)
published: Jan 24, 2025
The Really Simple SSL plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 9.1.4. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.