CVE-2026-27397
Received Received - Intake
Authorization Bypass in Really Simple Security Pro via Access Control Flaw

Publication date: 2026-03-19

Last updated on: 2026-04-28

Assigner: Patchstack

Description
Authorization Bypass Through User-Controlled Key vulnerability in Really Simple Plugins B.V. Really Simple Security Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Really Simple Security Pro: from n/a through 9.5.4.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-19
Last Modified
2026-04-28
Generated
2026-06-16
AI Q&A
2026-03-19
EPSS Evaluated
2026-06-15
NVD
CVE-2026-27397
EUVD
EUVD-2026-13055
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
really_simple_plugins_b.v. really_simple_security_pro From 9.5.4.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-639 The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-27397 is an Insecure Direct Object References (IDOR) vulnerability in the Really Simple Security Pro WordPress plugin versions up to 9.5.4.0.

This vulnerability allows attackers to bypass authorization and authentication controls by exploiting incorrectly configured access control security levels.

An attacker with at least subscriber-level privileges can exploit this flaw to gain unauthorized access to sensitive files, folders, or database interactions.

Impact Analysis

The vulnerability can lead to unauthorized access to sensitive data or resources within a website using the affected plugin.

This could result in data exposure, modification, or disruption of service, as the attacker can bypass normal access controls.

Given the CVSS score of 6.5, the risk is moderate but significant enough to potentially affect many websites regardless of their traffic or popularity.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': "The vulnerability in Really Simple Security Pro Plugin allows attackers to bypass authorization controls, potentially accessing sensitive files or database interactions. Detection involves monitoring for unauthorized access attempts or suspicious requests targeting the plugin's endpoints."}, {'type': 'paragraph', 'content': 'Since the vulnerability requires at least subscriber-level privileges to exploit, reviewing logs for unusual subscriber activity or unexpected access patterns can help identify exploitation attempts.'}, {'type': 'paragraph', 'content': 'No specific detection commands are provided in the available resources.'}] [1]

Mitigation Strategies

[{'type': 'paragraph', 'content': 'The primary immediate mitigation step is to update the Really Simple Security Pro Plugin to version 9.5.4.1 or later, where the vulnerability is patched.'}, {'type': 'paragraph', 'content': 'If immediate updating is not possible, Patchstack provides a mitigation rule that blocks all requestsβ€”both legitimate and illegitimateβ€”to cover all attack scenarios until the update can be applied.'}, {'type': 'paragraph', 'content': "Users are also advised to use Patchstack's automatic mitigation and auto-update features if available, or seek assistance from their hosting provider or web developer to implement temporary protections."}] [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-27397. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart