Access Control Flaw in Really Simple SSL Plugin by Really Simple SSL
CVE-2026-48969

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Really Simple Ssl
Vendor: CVE Published:; 15 June 2026

What is CVE-2026-48969?

The Really Simple SSL plugin versions up to and including 9.5.9 are affected by a broken access control vulnerability. This flaw allows unauthorized users to bypass restrictions, potentially leading to unauthorized access to sensitive resources and information. Website owners using vulnerable versions of this plugin are encouraged to apply updates promptly to mitigate risks.

Affected Version(s)

Really Simple SSL <= 9.5.9

References

https://patchstack.com/database/wordpress/plugin/really-s...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 15, 2026
Vulnerability Reserved
May 26, 2026

Credit

Evan NR | Patchstack Bug Bounty Program

CVE-2026-48969 Data

JSON

WordPress

What is CVE-2026-48969?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit