The two-factor profile settings handler in Really Simple SSL applies 2FA profile changes to the WP_User passed via the request without verifying that it matches the currently authenticated user. An authenticated user could therefore modify another user’s two-factor authentication settings (disable 2FA, reset backup codes, change the configured method), which can be used as a stepping stone for account takeover.
This vulnerability affects the following application versions:
- Really Simple SSL 9.0.0
- Really Simple SSL 9.0.2
- Really Simple SSL 9.1.0
- Really Simple SSL 9.1.1
- Really Simple SSL 9.1.1.1
- Really Simple SSL 9.1.2
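
The ownership check whose absence is described above, as an added example that is not Really Simple SSL's own code. The handler name, the in-memory store and the `$canEditUser` callback are hypothetical; in WordPress the caller ID would come from `get_current_user_id()` and the callback would be `current_user_can('edit_user', $targetId)`.

```php
<?php
declare(strict_types=1);

// Constructed in-memory store standing in for per-user 2FA settings.
$store = [
    7  => ['method' => 'totp',  'enabled' => true], // administrator
    42 => ['method' => 'email', 'enabled' => true], // subscriber
];

/**
 * Hypothetical 2FA settings handler.
 * $actorId  : user ID of the authenticated session (never from the request).
 * $targetId : user ID supplied in the request body.
 * $canEditUser(actor, target) models a per-user capability check.
 */
function update_two_fa(array &$store, int $actorId, int $targetId,
                       array $changes, callable $canEditUser): bool
{
    if (!isset($store[$targetId])) {
        return false;
    }
    // The check the advisory reports as missing: the target must be the
    // caller, or the caller must be permitted to edit that user.
    if ($targetId !== $actorId && !$canEditUser($actorId, $targetId)) {
        return false; // a real handler would answer 403 and log the attempt
    }
    // Accept only known keys so the request cannot set arbitrary fields.
    $allowed = array_intersect_key($changes, ['method' => 1, 'enabled' => 1]);
    $store[$targetId] = array_merge($store[$targetId], $allowed);
    return true;
}

// Constructed policy: only user 7 may edit other users.
$canEdit = fn(int $actor, int $target): bool => $actor === 7;

// Case 1: subscriber 42 names administrator 7 as the target user.
var_dump(update_two_fa($store, 42, 7, ['enabled' => false], $canEdit));
// Case 2: subscriber 42 changes their own method.
var_dump(update_two_fa($store, 42, 42, ['method' => 'totp'], $canEdit));
// Case 3: administrator 7 updates user 42 through the capability check.
var_dump(update_two_fa($store, 7, 42, ['enabled' => false], $canEdit));
// User 7's settings are unchanged after case 1.
var_dump($store[7]);
```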