WP Clinic
Log in Sign up

PLUGIN SECURITY

Is Really Simple Ssl safe?

Known vulnerabilities, PHP compatibility and safer alternatives for the Really Simple Ssl WordPress plugin — checked against WP Clinic's local security database.

Plugin details

  • Slug: really-simple-ssl
  • Requires PHP: 7.4+
  • Max supported PHP (analyzed): 8.4

Known vulnerabilities

  • Really Simple Security &#8211; Simple and Performant Security (formerly Really Simple SSL) [really-simple-ssl] < 8.0.0 [CVE-2024-31229, WordPress Really Simple SSL Plugin <= 7.2.3 is vulnerable to Server Side Request Forgery (SSRF), Really Simple SSL <= 7.2.3 - Authenticated (Admin+) Server-Side Request Forgery]
  • Really Simple Security &#8211; Simple and Performant Security (formerly Really Simple SSL) [really-simple-ssl] >= 9.0.0 - <= 9.1.1.1 [CVE-2024-10924, WordPress Really Simple SSL Plugin 9.0.0-9.1.1.1 is vulnerable to Broken Authentication, Really Simple Security (Free, Pro, and Pro Multisite) 9.0.0 - 9.1.1.1 - Authentication Bypass]
  • Really Simple Security &#8211; Simple and Performant Security (formerly Really Simple SSL) [really-simple-ssl] < 9.2.0 [CVE-2025-24623, WordPress Really Simple SSL Plugin <= 9.1.4 is vulnerable to Cross Site Request Forgery (CSRF), Really Simple SSL <= 9.1.4 - Cross-Site Request Forgery, EUVD-2025-3825]
  • Really Simple Security &#8211; Simple and Performant Security (formerly Really Simple SSL) [really-simple-ssl] < 9.5.8 [CVE-2026-32461, Really Simple Security – Simple and Performant Security (formerly Really Simple SSL) <= 9.5.7 - Missing Authorization]
  • Really Simple Security &#8211; Simple and Performant Security (formerly Really Simple SSL) [really-simple-ssl] < 9.5.10.1 [CVE-2026-8293]
+ 2 more known vulnerabilities
  • Really Simple Security &#8211; Simple and Performant Security (formerly Really Simple SSL) [really-simple-ssl] < 9.5.10 [CVE-2026-48969, Really Simple Security – Simple and Performant Security (formerly Really Simple SSL) <= 9.5.9 - Missing Authorization]
  • Really Simple Security &#8211; Simple and Performant Security (formerly Really Simple SSL) [really-simple-ssl] < 9.5.10.1 [CVE-2026-48970, Really Simple Security – Simple and Performant Security (formerly Really Simple SSL) <= 9.5.10 - Missing Authorization, Really Simple Security – Simple and Performant Security (formerly Really Simple SSL) &lt;= 9.5.10 - Missing Authorization]

Vulnerabilities are matched against the exact installed version when it's known. Always keep the plugin updated to the latest release.

Safer / more established alternatives

Check your own WordPress site

Run a free passive scan now, or create a free account and install the WP Clinic plugin for a deep scan of your whole hosting account and AI-assisted repair.