Unauthenticated Broken Authentication in Really Simple SSL Plugin by WordPress
CVE-2026-48970

8.1HIGH

Key Information:

Vendor: WordPress
Status: Really Simple Ssl
Vendor: CVE Published:; 15 June 2026

What is CVE-2026-48970?

The Really Simple SSL plugin for WordPress versions up to 9.5.10 is affected by an unauthenticated broken authentication vulnerability. This weakness allows attackers to exploit inadequate authentication measures, potentially granting them unauthorized access to sensitive functionalities. Website administrators using affected versions should promptly update to secure their sites against potential intrusions that could compromise user security and data integrity.

Affected Version(s)

Really Simple SSL <= 9.5.10

References

https://patchstack.com/database/wordpress/plugin/really-s...

vdb-entry

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 15, 2026
Vulnerability Reserved
May 26, 2026

Credit

Septio Noerdiansyah | Patchstack Bug Bounty Program

CVE-2026-48970 Data

JSON