[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fwavcgYEFt6iXwbwGrbPeDmH2QmTsWiQZ5dzE4e86Xho":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20,"patch_diff_files":21,"patch_trac_url":9,"research_status":30,"research_verified":31,"research_rounds_completed":32,"research_plan":33,"research_summary":34,"research_vulnerable_code":35,"research_fix_diff":36,"research_exploit_outline":37,"research_model_used":38,"research_started_at":39,"research_completed_at":40,"research_error":9,"poc_status":9,"poc_video_id":9,"poc_summary":9,"poc_steps":9,"poc_tested_at":9,"poc_wp_version":9,"poc_php_version":9,"poc_playwright_script":9,"poc_exploit_code":9,"poc_has_trace":31,"poc_model_used":9,"poc_verification_depth":9,"poc_exploit_code_gated":31,"source_links":41},"CVE-2026-32461","really-simple-security-simple-and-performant-security-formerly-really-simple-ssl-missing-authorization","Really Simple Security – Simple and Performant Security (formerly Really Simple SSL) \u003C= 9.5.7 - Missing Authorization","The Really Simple Security – Simple and Performant Security (formerly Really Simple SSL) plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 9.5.7. 
This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action.","really-simple-ssl",null,"\u003C=9.5.7","9.5.8","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Missing Authorization","2026-03-15 00:00:00","2026-03-19 15:07:17",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F68504f49-0b18-4010-97b0-7e7391408d36?source=api-prod",5,[22,23,24,25,26,27,28,29],"assets\u002Fcss\u002Fadmin.css","assets\u002Fcss\u002Fadmin.min.css","assets\u002Fcss\u002Frtl\u002Fadmin.css","assets\u002Fcss\u002Frtl\u002Fadmin.min.css","class-admin.php","class-mixed-content-fixer.php","core\u002Fconfig\u002Fenv.php","core\u002Fvendor\u002Fautoload.php","researched",false,3,"dismiss_review_notice`\n    *   Nonce: `rsssl_dismiss_review_notice` (action string)\n    *   Variable: `rsssl_admin.nonce`\n\n    *   Actually, I'll provide a plan for both the AJAX and the `admin_init` paths.\n\n    1.  **Vulnerability**: Missing capability check in `dismiss_review_notice_callback` (AJAX) and `maybe_dismiss_review_notice` (`admin_init`).\n    2.  **Vector**:\n        *   AJAX: `action=rsssl_dismiss_review_notice`\n        *   GET: `?rsssl_dismiss_review_notice=1` (or similar)\n    3.  **Authentication**: Subscriber.\n    4.  **Impact**: Attacker can dismiss important security\u002Freview notices for all administrators.\n\n    Wait, let's look for one more thing.\n    Is there anything in `class-mixed-content-fixer.php`?\n    No, that just handles output buffering.\n\n    Wait, I see `autoFixHtaccess` again.\n    ```php\n    public function autoFixHtaccess() {\n        if ( ! 
rsssl_user_can_manage() ) {\n            return;\n        }\n        if (get_option('rsssl_upgrade_firewall', false ) == true) {\n            do_action('rsssl_update_rules');\n            update_option('rsssl_upgrade_","The Really Simple Security plugin (formerly Really Simple SSL) for WordPress is vulnerable to unauthorized access because it lacks capability checks on functions used to dismiss administrative review notices. This allows authenticated attackers with Subscriber-level access or higher to dismiss site-wide notifications intended for administrators.","\u002F\u002F class-admin.php line 70\nadd_action( 'admin_init', array( $this, 'maybe_dismiss_review_notice' ) );\n\n\u002F\u002F class-admin.php line 82\nadd_action( 'wp_ajax_rsssl_dismiss_review_notice', array( $this, 'dismiss_review_notice_callback' ) );\n\n---\n\n\u002F\u002F Within class-admin.php (inferred from research plan as function bodies were truncated)\npublic function maybe_dismiss_review_notice() {\n    if ( isset( $_GET['rsssl_dismiss_review_notice'] ) ) {\n        \u002F\u002F Missing authorization and nonce check\n        update_option( 'rsssl_review_notice_dismissed', true );\n    }\n}\n\npublic function dismiss_review_notice_callback() {\n    \u002F\u002F Missing authorization check\n    check_ajax_referer( 'rsssl_dismiss_review_notice', 'nonce' );\n    update_option( 'rsssl_review_notice_dismissed', true );\n    wp_die();\n}","--- a\u002Fclass-admin.php\n+++ b\u002Fclass-admin.php\n@@ -1,6 +1,6 @@\n \tpublic function maybe_dismiss_review_notice() {\n-\t\tif ( isset( $_GET['rsssl_dismiss_review_notice'] ) ) {\n+\t\tif ( isset( $_GET['rsssl_dismiss_review_notice'] ) && rsssl_user_can_manage() ) {\n \t\t\tupdate_option( 'rsssl_review_notice_dismissed', true );\n \t\t}\n \t}\n@@ -1,6 +1,9 @@\n \tpublic function dismiss_review_notice_callback() {\n+\t\tif ( ! 
rsssl_user_can_manage() ) {\n+\t\t\treturn;\n+\t\t}\n \t\tcheck_ajax_referer( 'rsssl_dismiss_review_notice', 'nonce' );\n \t\tupdate_option( 'rsssl_review_notice_dismissed', true );\n \t\twp_die();\n \t}","The exploit targets functions hooked to 'admin_init' and 'wp_ajax_rsssl_dismiss_review_notice', which run for all authenticated users. An attacker with Subscriber-level privileges can trigger the unauthorized action in two ways: \n1. AJAX Vector: Send a POST request to wp-admin\u002Fadmin-ajax.php with the 'action' set to 'rsssl_dismiss_review_notice' and a valid 'nonce' (often leaked in the admin dashboard source code for all logged-in users).\n2. GET Vector: Access any administrative URL with the parameter '?rsssl_dismiss_review_notice=1' (parameter name inferred from the research plan, which lists it as 'or similar'; it was not verified against the plugin source). \n\nSuccessful execution updates the 'rsssl_review_notice_dismissed' option in the database to 'true', effectively hiding the review notice for all actual site administrators.","gemini-3-flash-preview","2026-04-18 03:39:20","2026-04-18 03:40:09",{"type":42,"vulnerable_version":43,"fixed_version":11,"vulnerable_browse":44,"vulnerable_zip":45,"fixed_browse":46,"fixed_zip":47,"all_tags":48},"plugin","9.5.7","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Freally-simple-ssl\u002Ftags\u002F9.5.7","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Freally-simple-ssl.9.5.7.zip","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Freally-simple-ssl\u002Ftags\u002F9.5.8","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Freally-simple-ssl.9.5.8.zip","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Freally-simple-ssl\u002Ftags"]