CVE-2026-27397
Authorization Bypass in Really Simple Security Pro via Access Control Flaw
Publication date: 2026-03-19
Last updated on: 2026-04-28
Assigner: Patchstack
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| really_simple_plugins_b.v. | really_simple_security_pro | Up to 9.5.4.0 (inclusive); fixed in 9.5.4.1 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-639 | The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-27397 is an Insecure Direct Object Reference (IDOR, CWE-639) vulnerability in the Really Simple Security Pro WordPress plugin, affecting versions up to and including 9.5.4.0.
The plugin applies its access-control check at the wrong level: it confirms that the caller is logged in, but it does not confirm that the caller is entitled to the particular object named in the request, so an authenticated user can reach records that belong to someone else simply by changing the identifier in the request.
Exploitation requires an account with at least Subscriber privileges, the lowest default WordPress role. With such an account an attacker can gain unauthorized access to the files, folders or database records the plugin exposes.
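The following added example (not code from the plugin, from Patchstack, or from this page) shows the shape of the defect the CWE-639 row describes next to a hardened form. Roles, capability names, the record store and the handler names are all assumptions made up for the illustration; it models only the logic: a handler that gates on "is the caller logged in?" lets a Subscriber read any record, while the hardened handler decides per object and refuses to reveal whether a denied id even exists.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical stand-ins for WordPress roles and capabilities (assumptions
# for this example, not the plugin's real capability set).
ROLE_CAPS = {
    "subscriber": {"read"},
    "editor": {"read", "edit_others_records"},
    "administrator": {"read", "edit_others_records", "manage_options"},
}


@dataclass(frozen=True)
class User:
    id: int
    role: str


@dataclass(frozen=True)
class Record:
    id: int
    owner_id: int
    payload: str


# Constructed data store: record 101 belongs to user 1, record 102 to user 2.
RECORDS = {
    101: Record(101, 1, "user 1's private settings"),
    102: Record(102, 2, "user 2's private settings"),
}


def user_can(user: User, capability: str) -> bool:
    return capability in ROLE_CAPS.get(user.role, set())


def get_record_vulnerable(user: Optional[User], record_id: int) -> Record:
    """CWE-639 pattern: the only gate is 'is the caller logged in?'.

    The record key comes straight from the request, so any authenticated
    account, including a Subscriber, can read any record by changing the id.
    """
    if user is None:
        raise PermissionError("login required")
    return RECORDS[record_id]


def get_record_hardened(user: Optional[User], record_id: int) -> Record:
    """Authorization is decided per object, not per session.

    The caller must own the record, or hold a capability that explicitly
    grants access to other users' records. A missing record and a forbidden
    record produce the same error, so the endpoint cannot be used to
    enumerate which ids exist.
    """
    if user is None:
        raise PermissionError("login required")
    record = RECORDS.get(record_id)
    if record is None or (
        record.owner_id != user.id and not user_can(user, "edit_others_records")
    ):
        raise PermissionError("record not found or access denied")
    return record


def access_allowed(handler, user: Optional[User], record_id: int) -> bool:
    """True if `handler` returns the record, False if it refuses."""
    try:
        handler(user, record_id)
    except (PermissionError, KeyError):
        return False
    return True


if __name__ == "__main__":
    subscriber = User(2, "subscriber")
    print("vulnerable, subscriber reads user 1's record:",
          access_allowed(get_record_vulnerable, subscriber, 101))
    print("hardened, subscriber reads user 1's record:",
          access_allowed(get_record_hardened, subscriber, 101))
    print("hardened, subscriber reads own record:",
          access_allowed(get_record_hardened, subscriber, 102))
```

The point of the comparison is that "requires Subscriber privileges" in the advisory means the authentication check passes; only an ownership or capability check on the object itself closes the hole.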
How can this vulnerability impact me?
The vulnerability can give an authenticated, low-privileged user access to data or resources on a site running the affected plugin that should be restricted to other users or to administrators.
Depending on what the exposed records control, this can result in data exposure, unauthorized modification, or disruption of service, because the attacker bypasses the plugin's normal access controls.
The CVSS score of 6.5 places the risk in the medium range, but because exploitation needs only a Subscriber account, any site that allows user registration is exposed regardless of its size or traffic.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The vulnerability in Really Simple Security Pro allows an authenticated attacker to bypass authorization controls and reach files or database records belonging to other users. Detection therefore centres on the plugin's request handlers: watch for requests that reference object identifiers the requesting account does not own, and for a single client walking through many identifiers in a short time.

Because exploitation requires at least Subscriber privileges, review logs for unusual Subscriber activity: newly registered accounts that immediately call plugin endpoints, or ordinary accounts generating unexpected access patterns.

No specific detection commands are provided in the available resources. [1]
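The resources give no detection commands, so here is an added example (not from Patchstack, the plugin vendor or this page) of the log review described above, run over constructed web-server log lines. The endpoint path, the `action` value and the `id` parameter are hypothetical placeholders, not the plugin's real request format; substitute the actual object-keyed request your site logs. The logic is generic IDOR-enumeration detection: it groups successful requests by client and path and flags any client that fetched many distinct ids within a short window.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import parse_qs, urlsplit

# Apache/Nginx "combined" log format; the request target is group "target".
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample log, NOT real traffic. The endpoint and the "id"
# parameter are hypothetical stand-ins for whatever object-keyed request
# the plugin actually exposes.
SAMPLE_LOG = """\
203.0.113.10 - - [19/Mar/2026:10:00:01 +0000] "GET /wp-admin/admin-ajax.php?action=example_get_record&id=1041 HTTP/1.1" 200 512
203.0.113.10 - - [19/Mar/2026:10:00:02 +0000] "GET /wp-admin/admin-ajax.php?action=example_get_record&id=1042 HTTP/1.1" 200 498
203.0.113.10 - - [19/Mar/2026:10:00:02 +0000] "GET /wp-admin/admin-ajax.php?action=example_get_record&id=1043 HTTP/1.1" 200 503
203.0.113.10 - - [19/Mar/2026:10:00:03 +0000] "GET /wp-admin/admin-ajax.php?action=example_get_record&id=1044 HTTP/1.1" 200 511
203.0.113.10 - - [19/Mar/2026:10:00:03 +0000] "GET /wp-admin/admin-ajax.php?action=example_get_record&id=1045 HTTP/1.1" 200 507
203.0.113.10 - - [19/Mar/2026:10:00:04 +0000] "GET /wp-admin/admin-ajax.php?action=example_get_record&id=1046 HTTP/1.1" 200 499
198.51.100.7 - - [19/Mar/2026:10:05:00 +0000] "GET /wp-admin/admin-ajax.php?action=example_get_record&id=77 HTTP/1.1" 200 510
198.51.100.7 - - [19/Mar/2026:10:09:30 +0000] "GET /wp-admin/admin-ajax.php?action=example_get_record&id=77 HTTP/1.1" 200 510
192.0.2.55 - - [19/Mar/2026:10:10:00 +0000] "GET / HTTP/1.1" 404 0
"""


def parse_log(text):
    """Yield one dict per parseable combined-format line."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m["target"])
        yield {
            "ip": m["ip"],
            "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
            "path": parts.path,
            "params": parse_qs(parts.query),
            "status": int(m["status"]),
        }


def find_enumeration(text, id_param="id", window_s=60, min_distinct=5):
    """Flag (client, path) pairs that fetched >= min_distinct distinct ids
    within window_s seconds. Only 2xx responses count, because those are the
    requests the server actually answered with a record. Thresholds are
    assumptions; tune them to what a legitimate user of your site does."""
    by_actor = defaultdict(list)
    for ev in parse_log(text):
        if ev["status"] // 100 != 2 or id_param not in ev["params"]:
            continue
        by_actor[(ev["ip"], ev["path"])].append((ev["ts"], ev["params"][id_param][0]))

    findings = []
    for (ip, path), events in by_actor.items():
        events.sort()
        start, peak = 0, 0
        # sliding window over time-ordered events for this client and path
        for end in range(len(events)):
            while (events[end][0] - events[start][0]).total_seconds() > window_s:
                start += 1
            peak = max(peak, len({rid for _, rid in events[start:end + 1]}))
        if peak >= min_distinct:
            findings.append({
                "ip": ip,
                "path": path,
                "peak_in_window": peak,
                "ids": sorted({rid for _, rid in events}),
            })
    return findings


if __name__ == "__main__":
    for f in find_enumeration(SAMPLE_LOG):
        print(f"{f['ip']} walked {f['peak_in_window']} ids on {f['path']}: {f['ids']}")
```

A source IP is not an identity: a standard access log does not record the WordPress user, so once a client is flagged, correlate the timestamps with the site's authentication or audit log to find the Subscriber account behind it, and check whether the ids it touched belong to that account.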
What immediate steps should I take to mitigate this vulnerability?
The primary immediate mitigation is to update Really Simple Security Pro to version 9.5.4.1 or later, where the vulnerability is patched.

If updating immediately is not possible, Patchstack provides a mitigation rule that blocks all requests, both legitimate and illegitimate, to cover all attack scenarios until the update can be applied.

Users are also advised to use Patchstack's automatic mitigation and auto-update features where available, or to seek assistance from their hosting provider or web developer to implement temporary protections. [1]