[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"all-banners":3,"SkipToContent_34xgpJIRRkpiT6ls6jE4NHf7VpvQCQBEwi69exi4oT0":40,"FooterNav_JsYsxvLufb1W12aeknKZ89on0MD0bNDTiB5EYxyxmU":47,"vulnerability-25808":53,"FooterSocial_u16tCafBUeGMoDrdLfTINytP2JB5msc6iB3VDUutAoU":86},[4,15,24,29,35],{"title":5,"slug":6,"text":7,"link":8,"external":9,"targets":10,"cta":12,"variant":13,"campaign_id":14},"NGINX Rift free scanner - CVE-2026-42945 - CVE Page","nginx-rift-cve-page","🚨 New: FREE SCANNER for NGINX Rift (CVE-2026-42945). No account needed.","https://pentest-tools.com/network-vulnerability-scanning/cve-2026-42945-scanner-nginx-rift",true,[11],"/vulnerabilities-exploits/nginx-heap-buffer-overflow_29311","Scan for free","secondary","nginx-rift",{"title":16,"slug":17,"text":18,"link":19,"external":9,"targets":20,"cta":22,"variant":23,"campaign_id":14},"NGINX Rift free scanner - CVE-2026-42945 - Network Scanner","nginx-rift-network-scanner","🚨 Detection for NGINX Rift (CVE-2026-42945) now live. Are you exposed?","https://pentest-tools.com/pricing",[21],"/network-vulnerability-scanning/network-security-scanner-online","Find out with any plan","primary",{"title":25,"slug":26,"text":18,"link":19,"external":9,"targets":27,"cta":22,"variant":23,"campaign_id":14},"NGINX Rift free scanner - CVE-2026-42945 - Port Scanner","nginx-rift-port-scanner",[28],"/network-vulnerability-scanning/port-scanner-online-nmap",{"title":30,"slug":31,"text":32,"link":8,"external":9,"targets":33,"cta":12,"variant":13,"campaign_id":14},"NGINX Rift free scanner - CVE-2026-42945 - VulnDB Index","nginx-rift-vulndb","🚨 New: free scanner for NGINX Rift (CVE-2026-42945). Check your targets now.",[34],"/vulnerabilities-exploits",{"title":36,"slug":37,"text":32,"link":8,"external":9,"targets":38,"cta":12,"variant":13,"campaign_id":14},"NGINX Rift free scanner - CVE-2026-42945 -blog","nginx-rift-blog",[39],"/blog",["Island",41],{"key":42,"params":43,"result":45},"SkipToContent_34xgpJIRRkpiT6ls6jE4NHf7VpvQCQBEwi69exi4oT0",{"props":44},"{}",{"head":46},{},["Island",48],{"key":49,"params":50,"result":51},"FooterNav_JsYsxvLufb1W12aeknKZ89on0MD0bNDTiB5EYxyxmU",{"props":44},{"head":52},{},{"id":54,"detectable_with":55,"vuln_details":62,"vuln_id":83,"name":84,"published":85,"updated":63},25808,{"tool":56,"engine":59},{"id":57,"name":58},1,"Network Scanner",{"id":60,"name":61},2,"Nuclei",{"id":54,"codename":63,"description":63,"severity":64,"risk_description":65,"public_description":66,"public_recommendation":67,"recommendation":63,"references":68,"cvssv3":76,"epss_score":77,"epss_percentile":78,"cve":79,"in_cisa_catalog":81,"date":82,"software_type":63,"vendor":63,"product":63,"ptt_exploit_capabilities":63},null,"critical","Unauthenticated attackers can exploit improper error handling in the two-factor authentication REST API to bypass authentication and log in as any user including administrators when two-factor authentication is enabled.","The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. This is due to improper user check error handling in the two-factor REST API actions with the 'check_login_and_get_user' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, when the \"Two-Factor Authentication\" setting is enabled (disabled by default).","Fixed in 9.1.2",[69,70,71,72,73,74,75],"https://plugins.trac.wordpress.org/browser/really-simple-ssl/tags/9.1.1.1/security/wordpress/two-fa/class-rsssl-two-factor-on-board-api.php#L277","https://plugins.trac.wordpress.org/browser/really-simple-ssl/tags/9.1.1.1/security/wordpress/two-fa/class-rsssl-two-factor-on-board-api.php#L278","https://plugins.trac.wordpress.org/browser/really-simple-ssl/tags/9.1.1.1/security/wordpress/two-fa/class-rsssl-two-factor-on-board-api.php#L67","https://plugins.trac.wordpress.org/changeset/3188431/really-simple-ssl","https://wpscan.com/vulnerability/8e1f4374-2e41-4c27-80d4-db172015c6be/","https://www.wordfence.com/threat-intel/vulnerabilities/id/7d5d05ad-1a7a-43d2-bbbf-597e975446be?source=cve","https://nvd.nist.gov/vuln/detail/CVE-2024-10924",9.8,0.93889,0.99883,[80],"CVE-2024-10924",false,"2024-11-15T00:00:00Z","NETSCAN-NUCLEI-CVE-CVE-2024-10924","Really Simple Security \u003C 9.1.2 - Authentication Bypass","2024-12-04T00:00:00Z",["Island",87],{"key":88,"params":89,"result":91},"FooterSocial_u16tCafBUeGMoDrdLfTINytP2JB5msc6iB3VDUutAoU",{"props":90},"{\"text-color\":\"gray\"}",{"head":92},{}]