Search criteria
30 vulnerabilities found for wps_hide_login by wpserveur
FKIE_CVE-2024-6289
Vulnerability from fkie_nvd - Published: 2024-07-15 06:15 - Updated: 2025-03-17 16:15
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
The WPS Hide Login WordPress plugin before 1.9.16.4 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the hidden login page.
References
| URL | Tags | ||
|---|---|---|---|
| contact@wpscan.com | https://wpscan.com/vulnerability/fd6d0362-df1d-4416-b8b5-6e5d0ce84793/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wpscan.com/vulnerability/fd6d0362-df1d-4416-b8b5-6e5d0ce84793/ | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| wpserveur | wps_hide_login | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wpserveur:wps_hide_login:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "664E9FF6-B832-4199-BA2B-5FC35CDCAD64",
"versionEndExcluding": "1.9.16.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WPS Hide Login WordPress plugin before 1.9.16.4 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the hidden login page."
},
{
"lang": "es",
"value": "El complemento WPS Hide Login WordPress anterior a 1.9.16.4 no impide las redirecciones a la p\u00e1gina de inicio de sesi\u00f3n a trav\u00e9s de la funci\u00f3n auth_redirect de WordPress, lo que permite que un visitante no autenticado acceda a la p\u00e1gina de inicio de sesi\u00f3n oculta."
}
],
"id": "CVE-2024-6289",
"lastModified": "2025-03-17T16:15:23.660",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-07-15T06:15:02.413",
"references": [
{
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/fd6d0362-df1d-4416-b8b5-6e5d0ce84793/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/fd6d0362-df1d-4416-b8b5-6e5d0ce84793/"
}
],
"sourceIdentifier": "contact@wpscan.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-2473
Vulnerability from fkie_nvd - Published: 2024-06-11 03:15 - Updated: 2024-11-21 09:09
Severity ?
Summary
The WPS Hide Login plugin for WordPress is vulnerable to Login Page Disclosure in all versions up to, and including, 1.9.15.2. This is due to a bypass that is created when the 'action=postpass' parameter is supplied. This makes it possible for attackers to easily discover any login page that may have been hidden by the plugin.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| wpserveur | wps_hide_login | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wpserveur:wps_hide_login:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "2191D991-CFCD-44CC-B4D0-CB2D07AA80BA",
"versionEndExcluding": "1.9.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WPS Hide Login plugin for WordPress is vulnerable to Login Page Disclosure in all versions up to, and including, 1.9.15.2. This is due to a bypass that is created when the \u0027action=postpass\u0027 parameter is supplied. This makes it possible for attackers to easily discover any login page that may have been hidden by the plugin."
},
{
"lang": "es",
"value": "El complemento WPS Hide Login para WordPress es vulnerable a la divulgaci\u00f3n de la p\u00e1gina de inicio de sesi\u00f3n en todas las versiones hasta la 1.9.15.2 incluida. Esto se debe a una omisi\u00f3n que se crea cuando se proporciona el par\u00e1metro \u0027action=postpass\u0027. Esto hace posible que los atacantes descubran f\u00e1cilmente cualquier p\u00e1gina de inicio de sesi\u00f3n que pueda haber sido ocultada por el complemento."
}
],
"id": "CVE-2024-2473",
"lastModified": "2024-11-21T09:09:49.860",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "security@wordfence.com",
"type": "Secondary"
}
]
},
"published": "2024-06-11T03:15:10.183",
"references": [
{
"source": "security@wordfence.com",
"tags": [
"Patch"
],
"url": "https://plugins.trac.wordpress.org/changeset/3099109/wps-hide-login"
},
{
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fd21c7d3-a5f1-4c3a-b6ab-0a979f070a62?source=cve"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://plugins.trac.wordpress.org/changeset/3099109/wps-hide-login"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fd21c7d3-a5f1-4c3a-b6ab-0a979f070a62?source=cve"
}
],
"sourceIdentifier": "security@wordfence.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-36710
Vulnerability from fkie_nvd - Published: 2023-06-07 02:15 - Updated: 2024-11-21 05:30
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
The WPS Hide Login plugin for WordPress is vulnerable to login page disclosure even when the settings of the plugin are set to hide the login page making it possible for unauthenticated attackers to brute force credentials on sites in versions up to, and including, 1.5.4.2.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| wpserveur | wps_hide_login | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wpserveur:wps_hide_login:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "D732986E-15ED-4FA8-A052-51E185AFC06C",
"versionEndIncluding": "1.5.4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WPS Hide Login plugin for WordPress is vulnerable to login page disclosure even when the settings of the plugin are set to hide the login page making it possible for unauthenticated attackers to brute force credentials on sites in versions up to, and including, 1.5.4.2."
}
],
"id": "CVE-2020-36710",
"lastModified": "2024-11-21T05:30:07.843",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "security@wordfence.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-06-07T02:15:11.637",
"references": [
{
"source": "security@wordfence.com",
"tags": [
"Exploit"
],
"url": "https://blog.nintechnet.com/wordpress-wps-hide-login-fixed-security-issue/"
},
{
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7808329f-1688-480c-a83c-c4ab2fa86da6?source=cve"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://blog.nintechnet.com/wordpress-wps-hide-login-fixed-security-issue/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7808329f-1688-480c-a83c-c4ab2fa86da6?source=cve"
}
],
"sourceIdentifier": "security@wordfence.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-24917
Vulnerability from fkie_nvd - Published: 2021-12-06 16:15 - Updated: 2024-11-21 05:54
Severity ?
Summary
The WPS Hide Login WordPress plugin before 1.9.1 has a bug which allows to get the secret login page by setting a random referer string and making a request to /wp-admin/options.php as an unauthenticated user.
References
| URL | Tags | ||
|---|---|---|---|
| contact@wpscan.com | https://wordpress.org/support/topic/bypass-security-issue/ | Third Party Advisory | |
| contact@wpscan.com | https://wpscan.com/vulnerability/15bb711a-7d70-4891-b7a2-c473e3e8b375 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wordpress.org/support/topic/bypass-security-issue/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wpscan.com/vulnerability/15bb711a-7d70-4891-b7a2-c473e3e8b375 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| wpserveur | wps_hide_login | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wpserveur:wps_hide_login:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "86E29700-07B4-4CF1-AF40-1AFB796CF567",
"versionEndExcluding": "1.9.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WPS Hide Login WordPress plugin before 1.9.1 has a bug which allows to get the secret login page by setting a random referer string and making a request to /wp-admin/options.php as an unauthenticated user."
},
{
"lang": "es",
"value": "El plugin WPS Hide Login de WordPress versiones anteriores a 1.9.1, presenta un bug que permite conseguir la p\u00e1gina secreta de inicio de sesi\u00f3n estableciendo una cadena de referencia aleatoria y haciendo una petici\u00f3n a /wp-admin/options.php como un usuario no autenticado"
}
],
"id": "CVE-2021-24917",
"lastModified": "2024-11-21T05:54:00.550",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-06T16:15:08.137",
"references": [
{
"source": "contact@wpscan.com",
"tags": [
"Third Party Advisory"
],
"url": "https://wordpress.org/support/topic/bypass-security-issue/"
},
{
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/15bb711a-7d70-4891-b7a2-c473e3e8b375"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://wordpress.org/support/topic/bypass-security-issue/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/15bb711a-7d70-4891-b7a2-c473e3e8b375"
}
],
"sourceIdentifier": "contact@wpscan.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "contact@wpscan.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-3332
Vulnerability from fkie_nvd - Published: 2021-03-01 21:15 - Updated: 2024-11-21 06:21
Severity ?
Summary
WPS Hide Login 1.6.1 allows remote attackers to bypass a protection mechanism via post_password.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://blog.sebastianschmitt.eu/security/wps-hide-login-1-6-1-protection-bypass-cve-2021-3332 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.sebastianschmitt.eu/security/wps-hide-login-1-6-1-protection-bypass-cve-2021-3332 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| wpserveur | wps_hide_login | 1.6.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wpserveur:wps_hide_login:1.6.1:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "0E08DD01-15BD-435F-B3D7-A73E8710A624",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "WPS Hide Login 1.6.1 allows remote attackers to bypass a protection mechanism via post_password."
},
{
"lang": "es",
"value": "WPS Hide Login versi\u00f3n 1.6.1, permite a atacantes remotos omitir un mecanismo de protecci\u00f3n por medio de post_password"
}
],
"id": "CVE-2021-3332",
"lastModified": "2024-11-21T06:21:19.023",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-01T21:15:14.660",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://blog.sebastianschmitt.eu/security/wps-hide-login-1-6-1-protection-bypass-cve-2021-3332"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://blog.sebastianschmitt.eu/security/wps-hide-login-1-6-1-protection-bypass-cve-2021-3332"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-9498
Vulnerability from fkie_nvd - Published: 2019-10-22 21:15 - Updated: 2024-11-21 02:40
Severity ?
Summary
The wps-hide-login plugin before 1.1 for WordPress has CSRF that affects saving an option value.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://wordpress.org/plugins/wps-hide-login/#developers | Product, Third Party Advisory | |
| cve@mitre.org | https://wpvulndb.com/vulnerabilities/8011 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wordpress.org/plugins/wps-hide-login/#developers | Product, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wpvulndb.com/vulnerabilities/8011 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| wpserveur | wps_hide_login | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wpserveur:wps_hide_login:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "D1FEB359-D382-43CF-8A87-C3FA31A0EE71",
"versionEndExcluding": "1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The wps-hide-login plugin before 1.1 for WordPress has CSRF that affects saving an option value."
},
{
"lang": "es",
"value": "El plugin wps-hide-login versiones anteriores a 1.1 para WordPress, presenta una vulnerabilidad de tipo CSRF que afecta el almacenamiento de un valor de opci\u00f3n."
}
],
"id": "CVE-2015-9498",
"lastModified": "2024-11-21T02:40:46.763",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-10-22T21:15:10.237",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://wordpress.org/plugins/wps-hide-login/#developers"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://wpvulndb.com/vulnerabilities/8011"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://wordpress.org/plugins/wps-hide-login/#developers"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://wpvulndb.com/vulnerabilities/8011"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-15826
Vulnerability from fkie_nvd - Published: 2019-08-30 13:15 - Updated: 2024-11-21 04:29
Severity ?
Summary
The wps-hide-login plugin before 1.5.3 for WordPress has a protection bypass via wp-login.php in the Referer field.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/ | Exploit, Third Party Advisory | |
| cve@mitre.org | https://wordpress.org/plugins/wps-hide-login/#developers | Product, Third Party Advisory | |
| cve@mitre.org | https://wpvulndb.com/vulnerabilities/9469 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wordpress.org/plugins/wps-hide-login/#developers | Product, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wpvulndb.com/vulnerabilities/9469 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| wpserveur | wps_hide_login | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wpserveur:wps_hide_login:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "0DDF40B2-58BE-47ED-90BA-B4685E312F67",
"versionEndExcluding": "1.5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The wps-hide-login plugin before 1.5.3 for WordPress has a protection bypass via wp-login.php in the Referer field."
},
{
"lang": "es",
"value": "El plugin wps-hide-login anterior a la versi\u00f3n 1.5.3 para WordPress tiene un bypass de protecci\u00f3n a trav\u00e9s de wp-login.php en el campo Referer."
}
],
"id": "CVE-2019-15826",
"lastModified": "2024-11-21T04:29:33.163",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-30T13:15:12.077",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://wordpress.org/plugins/wps-hide-login/#developers"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://wpvulndb.com/vulnerabilities/9469"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://wordpress.org/plugins/wps-hide-login/#developers"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://wpvulndb.com/vulnerabilities/9469"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-15823
Vulnerability from fkie_nvd - Published: 2019-08-30 13:15 - Updated: 2024-11-21 04:29
Severity ?
Summary
The wps-hide-login plugin before 1.5.3 for WordPress has an action=confirmaction protection bypass.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/ | Exploit, Third Party Advisory | |
| cve@mitre.org | https://wordpress.org/plugins/wps-hide-login/#developers | Product, Third Party Advisory | |
| cve@mitre.org | https://wpvulndb.com/vulnerabilities/9469 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wordpress.org/plugins/wps-hide-login/#developers | Product, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wpvulndb.com/vulnerabilities/9469 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| wpserveur | wps_hide_login | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wpserveur:wps_hide_login:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "0DDF40B2-58BE-47ED-90BA-B4685E312F67",
"versionEndExcluding": "1.5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The wps-hide-login plugin before 1.5.3 for WordPress has an action=confirmaction protection bypass."
},
{
"lang": "es",
"value": "El plugin wps-hide-login anterior a la versi\u00f3n 1.5.3 para WordPress tiene un bypass de protecci\u00f3n acci\u00f3n = confirmaci\u00f3n."
}
],
"id": "CVE-2019-15823",
"lastModified": "2024-11-21T04:29:32.693",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-30T13:15:11.843",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://wordpress.org/plugins/wps-hide-login/#developers"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://wpvulndb.com/vulnerabilities/9469"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://wordpress.org/plugins/wps-hide-login/#developers"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://wpvulndb.com/vulnerabilities/9469"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-15825
Vulnerability from fkie_nvd - Published: 2019-08-30 13:15 - Updated: 2024-11-21 04:29
Severity ?
Summary
The wps-hide-login plugin before 1.5.3 for WordPress has an action=rp&key&login protection bypass.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/ | Exploit, Third Party Advisory | |
| cve@mitre.org | https://wordpress.org/plugins/wps-hide-login/#developers | Product, Third Party Advisory | |
| cve@mitre.org | https://wpvulndb.com/vulnerabilities/9469 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wordpress.org/plugins/wps-hide-login/#developers | Product, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wpvulndb.com/vulnerabilities/9469 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| wpserveur | wps_hide_login | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wpserveur:wps_hide_login:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "0DDF40B2-58BE-47ED-90BA-B4685E312F67",
"versionEndExcluding": "1.5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The wps-hide-login plugin before 1.5.3 for WordPress has an action=rp\u0026key\u0026login protection bypass."
},
{
"lang": "es",
"value": "El complemento wps-hide-login antes de 1.5.3 para WordPress tiene una acci\u00f3n = rp \u0026 key \u0026 bypass de protecci\u00f3n de inicio de sesi\u00f3n."
}
],
"id": "CVE-2019-15825",
"lastModified": "2024-11-21T04:29:33.000",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-30T13:15:11.997",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://wordpress.org/plugins/wps-hide-login/#developers"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://wpvulndb.com/vulnerabilities/9469"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://wordpress.org/plugins/wps-hide-login/#developers"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://wpvulndb.com/vulnerabilities/9469"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-15824
Vulnerability from fkie_nvd - Published: 2019-08-30 13:15 - Updated: 2024-11-21 04:29
Severity ?
Summary
The wps-hide-login plugin before 1.5.3 for WordPress has an adminhash protection bypass.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/ | Exploit, Third Party Advisory | |
| cve@mitre.org | https://wordpress.org/plugins/wps-hide-login/#developers | Product, Third Party Advisory | |
| cve@mitre.org | https://wpvulndb.com/vulnerabilities/9469 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wordpress.org/plugins/wps-hide-login/#developers | Product, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wpvulndb.com/vulnerabilities/9469 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| wpserveur | wps_hide_login | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wpserveur:wps_hide_login:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "0DDF40B2-58BE-47ED-90BA-B4685E312F67",
"versionEndExcluding": "1.5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The wps-hide-login plugin before 1.5.3 for WordPress has an adminhash protection bypass."
},
{
"lang": "es",
"value": "El plugin wps-hide-login anterior a la versi\u00f3n 1.5.3 para WordPress tiene un bypass de protecci\u00f3n adminhash."
}
],
"id": "CVE-2019-15824",
"lastModified": "2024-11-21T04:29:32.850",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-30T13:15:11.920",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://wordpress.org/plugins/wps-hide-login/#developers"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://wpvulndb.com/vulnerabilities/9469"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://wordpress.org/plugins/wps-hide-login/#developers"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://wpvulndb.com/vulnerabilities/9469"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2024-6289 (GCVE-0-2024-6289)
Vulnerability from cvelistv5 – Published: 2024-07-15 06:00 – Updated: 2025-08-27 12:00
VLAI?
Title
WPS Hide Login < 1.9.16.4 - Hidden Login Page Disclosure
Summary
The WPS Hide Login WordPress plugin before 1.9.16.4 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the hidden login page.
Severity ?
6.1 (Medium)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | WPS Hide Login |
Affected:
0 , < 1.9.16.4
(semver)
|
Credits
Juan Pablo Gomez Postigo
WPScan
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:wpserveur:wps_hide_login:-:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unknown",
"product": "wps_hide_login",
"vendor": "wpserveur",
"versions": [
{
"lessThan": "1.9.16.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-6289",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-24T19:11:36.635786Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-17T16:06:19.375Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:33:05.447Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/fd6d0362-df1d-4416-b8b5-6e5d0ce84793/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WPS Hide Login",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.9.16.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Juan Pablo Gomez Postigo"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WPS Hide Login WordPress plugin before 1.9.16.4 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the hidden login page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-203 Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T12:00:54.025Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/fd6d0362-df1d-4416-b8b5-6e5d0ce84793/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WPS Hide Login \u003c 1.9.16.4 - Hidden Login Page Disclosure",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2024-6289",
"datePublished": "2024-07-15T06:00:06.081Z",
"dateReserved": "2024-06-24T18:02:54.875Z",
"dateUpdated": "2025-08-27T12:00:54.025Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2473 (GCVE-0-2024-2473)
Vulnerability from cvelistv5 – Published: 2024-06-11 02:01 – Updated: 2024-08-01 19:11
VLAI?
Title
WPS Hide Login <= 1.9.15.2 - Login Page Disclosure
Summary
The WPS Hide Login plugin for WordPress is vulnerable to Login Page Disclosure in all versions up to, and including, 1.9.15.2. This is due to a bypass that is created when the 'action=postpass' parameter is supplied. This makes it possible for attackers to easily discover any login page that may have been hidden by the plugin.
Severity ?
5.3 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| tabrisrp | WPS Hide Login |
Affected:
* , ≤ 1.9.15.2
(semver)
|
Credits
Nicholas Mun
Sélim Lanouar
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2473",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-11T15:56:05.094629Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T15:56:14.121Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:11:53.674Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fd21c7d3-a5f1-4c3a-b6ab-0a979f070a62?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/3099109/wps-hide-login"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WPS Hide Login",
"vendor": "tabrisrp",
"versions": [
{
"lessThanOrEqual": "1.9.15.2",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nicholas Mun"
},
{
"lang": "en",
"type": "finder",
"value": "S\u00e9lim Lanouar"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WPS Hide Login plugin for WordPress is vulnerable to Login Page Disclosure in all versions up to, and including, 1.9.15.2. This is due to a bypass that is created when the \u0027action=postpass\u0027 parameter is supplied. This makes it possible for attackers to easily discover any login page that may have been hidden by the plugin."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-863 Incorrect Authorization",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T02:01:58.830Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fd21c7d3-a5f1-4c3a-b6ab-0a979f070a62?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3099109/wps-hide-login"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-19T00:00:00.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2024-06-10T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "WPS Hide Login \u003c= 1.9.15.2 - Login Page Disclosure"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-2473",
"datePublished": "2024-06-11T02:01:58.830Z",
"dateReserved": "2024-03-14T20:29:38.277Z",
"dateUpdated": "2024-08-01T19:11:53.674Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-36710 (GCVE-0-2020-36710)
Vulnerability from cvelistv5 – Published: 2023-06-07 01:51 – Updated: 2024-12-28 00:55
VLAI?
Summary
The WPS Hide Login plugin for WordPress is vulnerable to login page disclosure even when the settings of the plugin are set to hide the login page making it possible for unauthenticated attackers to brute force credentials on sites in versions up to, and including, 1.5.4.2.
Severity ?
5.3 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| tabrisrp | WPS Hide Login |
Affected:
* , ≤ 1.5.4.2
(semver)
|
Credits
Jerome Bruandet
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:37:06.354Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7808329f-1688-480c-a83c-c4ab2fa86da6?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.nintechnet.com/wordpress-wps-hide-login-fixed-security-issue/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-36710",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-28T00:41:02.573324Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-28T00:55:39.492Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WPS Hide Login",
"vendor": "tabrisrp",
"versions": [
{
"lessThanOrEqual": "1.5.4.2",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jerome Bruandet"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WPS Hide Login plugin for WordPress is vulnerable to login page disclosure even when the settings of the plugin are set to hide the login page making it possible for unauthenticated attackers to brute force credentials on sites in versions up to, and including, 1.5.4.2."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-863 Incorrect Authorization",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-07T01:51:26.862Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7808329f-1688-480c-a83c-c4ab2fa86da6?source=cve"
},
{
"url": "https://blog.nintechnet.com/wordpress-wps-hide-login-fixed-security-issue/"
}
],
"timeline": [
{
"lang": "en",
"time": "2020-01-27T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2020-36710",
"datePublished": "2023-06-07T01:51:26.862Z",
"dateReserved": "2023-06-06T12:49:59.185Z",
"dateUpdated": "2024-12-28T00:55:39.492Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24917 (GCVE-0-2021-24917)
Vulnerability from cvelistv5 – Published: 2021-12-06 15:55 – Updated: 2024-08-03 19:49
VLAI?
Title
WPS Hide Login < 1.9.1 - Protection Bypass with Referer-Header
Summary
The WPS Hide Login WordPress plugin before 1.9.1 has a bug which allows to get the secret login page by setting a random referer string and making a request to /wp-admin/options.php as an unauthenticated user.
Severity ?
No CVSS data available.
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | WPS Hide Login |
Affected:
1.9.1 , < 1.9.1
(custom)
|
Credits
Daniel Ruf
Thalakus
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:49:13.491Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/15bb711a-7d70-4891-b7a2-c473e3e8b375"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/support/topic/bypass-security-issue/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WPS Hide Login",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.9.1",
"status": "affected",
"version": "1.9.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Daniel Ruf"
},
{
"lang": "en",
"value": "Thalakus"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WPS Hide Login WordPress plugin before 1.9.1 has a bug which allows to get the secret login page by setting a random referer string and making a request to /wp-admin/options.php as an unauthenticated user."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-06T15:55:30",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/15bb711a-7d70-4891-b7a2-c473e3e8b375"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/support/topic/bypass-security-issue/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WPS Hide Login \u003c 1.9.1 - Protection Bypass with Referer-Header",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24917",
"STATE": "PUBLIC",
"TITLE": "WPS Hide Login \u003c 1.9.1 - Protection Bypass with Referer-Header"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WPS Hide Login",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.9.1",
"version_value": "1.9.1"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Daniel Ruf"
},
{
"lang": "eng",
"value": "Thalakus"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WPS Hide Login WordPress plugin before 1.9.1 has a bug which allows to get the secret login page by setting a random referer string and making a request to /wp-admin/options.php as an unauthenticated user."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863 Incorrect Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/15bb711a-7d70-4891-b7a2-c473e3e8b375",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/15bb711a-7d70-4891-b7a2-c473e3e8b375"
},
{
"name": "https://wordpress.org/support/topic/bypass-security-issue/",
"refsource": "MISC",
"url": "https://wordpress.org/support/topic/bypass-security-issue/"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24917",
"datePublished": "2021-12-06T15:55:30",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:49:13.491Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3332 (GCVE-0-2021-3332)
Vulnerability from cvelistv5 – Published: 2021-03-01 20:22 – Updated: 2024-08-03 16:53
VLAI?
Summary
WPS Hide Login 1.6.1 allows remote attackers to bypass a protection mechanism via post_password.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:53:17.417Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.sebastianschmitt.eu/security/wps-hide-login-1-6-1-protection-bypass-cve-2021-3332"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "WPS Hide Login 1.6.1 allows remote attackers to bypass a protection mechanism via post_password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-01T20:22:58",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.sebastianschmitt.eu/security/wps-hide-login-1-6-1-protection-bypass-cve-2021-3332"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-3332",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WPS Hide Login 1.6.1 allows remote attackers to bypass a protection mechanism via post_password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.sebastianschmitt.eu/security/wps-hide-login-1-6-1-protection-bypass-cve-2021-3332",
"refsource": "MISC",
"url": "https://blog.sebastianschmitt.eu/security/wps-hide-login-1-6-1-protection-bypass-cve-2021-3332"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-3332",
"datePublished": "2021-03-01T20:22:58",
"dateReserved": "2021-01-27T00:00:00",
"dateUpdated": "2024-08-03T16:53:17.417Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-9498 (GCVE-0-2015-9498)
Vulnerability from cvelistv5 – Published: 2019-10-22 20:36 – Updated: 2024-08-06 08:51
VLAI?
Summary
The wps-hide-login plugin before 1.1 for WordPress has CSRF that affects saving an option value.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:51:05.274Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpvulndb.com/vulnerabilities/8011"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wordpress.org/plugins/wps-hide-login/#developers"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The wps-hide-login plugin before 1.1 for WordPress has CSRF that affects saving an option value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-22T20:36:32",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpvulndb.com/vulnerabilities/8011"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wordpress.org/plugins/wps-hide-login/#developers"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-9498",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The wps-hide-login plugin before 1.1 for WordPress has CSRF that affects saving an option value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpvulndb.com/vulnerabilities/8011",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/8011"
},
{
"name": "https://wordpress.org/plugins/wps-hide-login/#developers",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/wps-hide-login/#developers"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-9498",
"datePublished": "2019-10-22T20:36:32",
"dateReserved": "2019-10-14T00:00:00",
"dateUpdated": "2024-08-06T08:51:05.274Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15826 (GCVE-0-2019-15826)
Vulnerability from cvelistv5 – Published: 2019-08-30 12:59 – Updated: 2024-08-05 00:56
VLAI?
Summary
The wps-hide-login plugin before 1.5.3 for WordPress has a protection bypass via wp-login.php in the Referer field.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:56:22.485Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpvulndb.com/vulnerabilities/9469"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/wps-hide-login/#developers"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The wps-hide-login plugin before 1.5.3 for WordPress has a protection bypass via wp-login.php in the Referer field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-31T04:06:06",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpvulndb.com/vulnerabilities/9469"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/wps-hide-login/#developers"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15826",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The wps-hide-login plugin before 1.5.3 for WordPress has a protection bypass via wp-login.php in the Referer field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpvulndb.com/vulnerabilities/9469",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/9469"
},
{
"name": "https://wordpress.org/plugins/wps-hide-login/#developers",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/wps-hide-login/#developers"
},
{
"name": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/",
"refsource": "MISC",
"url": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-15826",
"datePublished": "2019-08-30T12:59:08",
"dateReserved": "2019-08-29T00:00:00",
"dateUpdated": "2024-08-05T00:56:22.485Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15825 (GCVE-0-2019-15825)
Vulnerability from cvelistv5 – Published: 2019-08-30 12:58 – Updated: 2024-08-05 00:56
VLAI?
Summary
The wps-hide-login plugin before 1.5.3 for WordPress has an action=rp&key&login protection bypass.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:56:22.482Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpvulndb.com/vulnerabilities/9469"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/wps-hide-login/#developers"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The wps-hide-login plugin before 1.5.3 for WordPress has an action=rp\u0026key\u0026login protection bypass."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-31T04:06:06",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpvulndb.com/vulnerabilities/9469"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/wps-hide-login/#developers"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15825",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The wps-hide-login plugin before 1.5.3 for WordPress has an action=rp\u0026key\u0026login protection bypass."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpvulndb.com/vulnerabilities/9469",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/9469"
},
{
"name": "https://wordpress.org/plugins/wps-hide-login/#developers",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/wps-hide-login/#developers"
},
{
"name": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/",
"refsource": "MISC",
"url": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-15825",
"datePublished": "2019-08-30T12:58:11",
"dateReserved": "2019-08-29T00:00:00",
"dateUpdated": "2024-08-05T00:56:22.482Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15824 (GCVE-0-2019-15824)
Vulnerability from cvelistv5 – Published: 2019-08-30 12:57 – Updated: 2024-08-05 00:56
VLAI?
Summary
The wps-hide-login plugin before 1.5.3 for WordPress has an adminhash protection bypass.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:56:22.751Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpvulndb.com/vulnerabilities/9469"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/wps-hide-login/#developers"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The wps-hide-login plugin before 1.5.3 for WordPress has an adminhash protection bypass."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-31T04:06:06",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpvulndb.com/vulnerabilities/9469"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/wps-hide-login/#developers"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15824",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The wps-hide-login plugin before 1.5.3 for WordPress has an adminhash protection bypass."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpvulndb.com/vulnerabilities/9469",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/9469"
},
{
"name": "https://wordpress.org/plugins/wps-hide-login/#developers",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/wps-hide-login/#developers"
},
{
"name": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/",
"refsource": "MISC",
"url": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-15824",
"datePublished": "2019-08-30T12:57:19",
"dateReserved": "2019-08-29T00:00:00",
"dateUpdated": "2024-08-05T00:56:22.751Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15823 (GCVE-0-2019-15823)
Vulnerability from cvelistv5 – Published: 2019-08-30 12:49 – Updated: 2024-08-05 00:56
VLAI?
Summary
The wps-hide-login plugin before 1.5.3 for WordPress has an action=confirmaction protection bypass.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:56:22.463Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpvulndb.com/vulnerabilities/9469"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/wps-hide-login/#developers"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The wps-hide-login plugin before 1.5.3 for WordPress has an action=confirmaction protection bypass."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-31T04:06:06",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpvulndb.com/vulnerabilities/9469"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/wps-hide-login/#developers"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15823",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The wps-hide-login plugin before 1.5.3 for WordPress has an action=confirmaction protection bypass."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpvulndb.com/vulnerabilities/9469",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/9469"
},
{
"name": "https://wordpress.org/plugins/wps-hide-login/#developers",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/wps-hide-login/#developers"
},
{
"name": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/",
"refsource": "MISC",
"url": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-15823",
"datePublished": "2019-08-30T12:49:10",
"dateReserved": "2019-08-29T00:00:00",
"dateUpdated": "2024-08-05T00:56:22.463Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6289 (GCVE-0-2024-6289)
Vulnerability from nvd – Published: 2024-07-15 06:00 – Updated: 2025-08-27 12:00
VLAI?
Title
WPS Hide Login < 1.9.16.4 - Hidden Login Page Disclosure
Summary
The WPS Hide Login WordPress plugin before 1.9.16.4 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the hidden login page.
Severity ?
6.1 (Medium)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | WPS Hide Login |
Affected:
0 , < 1.9.16.4
(semver)
|
Credits
Juan Pablo Gomez Postigo
WPScan
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:wpserveur:wps_hide_login:-:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unknown",
"product": "wps_hide_login",
"vendor": "wpserveur",
"versions": [
{
"lessThan": "1.9.16.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-6289",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-24T19:11:36.635786Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-17T16:06:19.375Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:33:05.447Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/fd6d0362-df1d-4416-b8b5-6e5d0ce84793/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WPS Hide Login",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.9.16.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Juan Pablo Gomez Postigo"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WPS Hide Login WordPress plugin before 1.9.16.4 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the hidden login page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-203 Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T12:00:54.025Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/fd6d0362-df1d-4416-b8b5-6e5d0ce84793/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WPS Hide Login \u003c 1.9.16.4 - Hidden Login Page Disclosure",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2024-6289",
"datePublished": "2024-07-15T06:00:06.081Z",
"dateReserved": "2024-06-24T18:02:54.875Z",
"dateUpdated": "2025-08-27T12:00:54.025Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2473 (GCVE-0-2024-2473)
Vulnerability from nvd – Published: 2024-06-11 02:01 – Updated: 2024-08-01 19:11
VLAI?
Title
WPS Hide Login <= 1.9.15.2 - Login Page Disclosure
Summary
The WPS Hide Login plugin for WordPress is vulnerable to Login Page Disclosure in all versions up to, and including, 1.9.15.2. This is due to a bypass that is created when the 'action=postpass' parameter is supplied. This makes it possible for attackers to easily discover any login page that may have been hidden by the plugin.
Severity ?
5.3 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| tabrisrp | WPS Hide Login |
Affected:
* , ≤ 1.9.15.2
(semver)
|
Credits
Nicholas Mun
Sélim Lanouar
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2473",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-11T15:56:05.094629Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T15:56:14.121Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:11:53.674Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fd21c7d3-a5f1-4c3a-b6ab-0a979f070a62?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/3099109/wps-hide-login"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WPS Hide Login",
"vendor": "tabrisrp",
"versions": [
{
"lessThanOrEqual": "1.9.15.2",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nicholas Mun"
},
{
"lang": "en",
"type": "finder",
"value": "S\u00e9lim Lanouar"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WPS Hide Login plugin for WordPress is vulnerable to Login Page Disclosure in all versions up to, and including, 1.9.15.2. This is due to a bypass that is created when the \u0027action=postpass\u0027 parameter is supplied. This makes it possible for attackers to easily discover any login page that may have been hidden by the plugin."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-863 Incorrect Authorization",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T02:01:58.830Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fd21c7d3-a5f1-4c3a-b6ab-0a979f070a62?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3099109/wps-hide-login"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-19T00:00:00.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2024-06-10T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "WPS Hide Login \u003c= 1.9.15.2 - Login Page Disclosure"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-2473",
"datePublished": "2024-06-11T02:01:58.830Z",
"dateReserved": "2024-03-14T20:29:38.277Z",
"dateUpdated": "2024-08-01T19:11:53.674Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-36710 (GCVE-0-2020-36710)
Vulnerability from nvd – Published: 2023-06-07 01:51 – Updated: 2024-12-28 00:55
VLAI?
Summary
The WPS Hide Login plugin for WordPress is vulnerable to login page disclosure even when the settings of the plugin are set to hide the login page making it possible for unauthenticated attackers to brute force credentials on sites in versions up to, and including, 1.5.4.2.
Severity ?
5.3 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| tabrisrp | WPS Hide Login |
Affected:
* , ≤ 1.5.4.2
(semver)
|
Credits
Jerome Bruandet
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:37:06.354Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7808329f-1688-480c-a83c-c4ab2fa86da6?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.nintechnet.com/wordpress-wps-hide-login-fixed-security-issue/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-36710",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-28T00:41:02.573324Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-28T00:55:39.492Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WPS Hide Login",
"vendor": "tabrisrp",
"versions": [
{
"lessThanOrEqual": "1.5.4.2",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jerome Bruandet"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WPS Hide Login plugin for WordPress is vulnerable to login page disclosure even when the settings of the plugin are set to hide the login page making it possible for unauthenticated attackers to brute force credentials on sites in versions up to, and including, 1.5.4.2."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-863 Incorrect Authorization",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-07T01:51:26.862Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7808329f-1688-480c-a83c-c4ab2fa86da6?source=cve"
},
{
"url": "https://blog.nintechnet.com/wordpress-wps-hide-login-fixed-security-issue/"
}
],
"timeline": [
{
"lang": "en",
"time": "2020-01-27T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2020-36710",
"datePublished": "2023-06-07T01:51:26.862Z",
"dateReserved": "2023-06-06T12:49:59.185Z",
"dateUpdated": "2024-12-28T00:55:39.492Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24917 (GCVE-0-2021-24917)
Vulnerability from nvd – Published: 2021-12-06 15:55 – Updated: 2024-08-03 19:49
VLAI?
Title
WPS Hide Login < 1.9.1 - Protection Bypass with Referer-Header
Summary
The WPS Hide Login WordPress plugin before 1.9.1 has a bug which allows to get the secret login page by setting a random referer string and making a request to /wp-admin/options.php as an unauthenticated user.
Severity ?
No CVSS data available.
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | WPS Hide Login |
Affected:
1.9.1 , < 1.9.1
(custom)
|
Credits
Daniel Ruf
Thalakus
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:49:13.491Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/15bb711a-7d70-4891-b7a2-c473e3e8b375"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/support/topic/bypass-security-issue/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WPS Hide Login",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.9.1",
"status": "affected",
"version": "1.9.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Daniel Ruf"
},
{
"lang": "en",
"value": "Thalakus"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WPS Hide Login WordPress plugin before 1.9.1 has a bug which allows to get the secret login page by setting a random referer string and making a request to /wp-admin/options.php as an unauthenticated user."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-06T15:55:30",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/15bb711a-7d70-4891-b7a2-c473e3e8b375"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/support/topic/bypass-security-issue/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WPS Hide Login \u003c 1.9.1 - Protection Bypass with Referer-Header",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24917",
"STATE": "PUBLIC",
"TITLE": "WPS Hide Login \u003c 1.9.1 - Protection Bypass with Referer-Header"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WPS Hide Login",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.9.1",
"version_value": "1.9.1"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Daniel Ruf"
},
{
"lang": "eng",
"value": "Thalakus"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WPS Hide Login WordPress plugin before 1.9.1 has a bug which allows to get the secret login page by setting a random referer string and making a request to /wp-admin/options.php as an unauthenticated user."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863 Incorrect Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/15bb711a-7d70-4891-b7a2-c473e3e8b375",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/15bb711a-7d70-4891-b7a2-c473e3e8b375"
},
{
"name": "https://wordpress.org/support/topic/bypass-security-issue/",
"refsource": "MISC",
"url": "https://wordpress.org/support/topic/bypass-security-issue/"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24917",
"datePublished": "2021-12-06T15:55:30",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:49:13.491Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3332 (GCVE-0-2021-3332)
Vulnerability from nvd – Published: 2021-03-01 20:22 – Updated: 2024-08-03 16:53
VLAI?
Summary
WPS Hide Login 1.6.1 allows remote attackers to bypass a protection mechanism via post_password.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:53:17.417Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.sebastianschmitt.eu/security/wps-hide-login-1-6-1-protection-bypass-cve-2021-3332"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "WPS Hide Login 1.6.1 allows remote attackers to bypass a protection mechanism via post_password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-01T20:22:58",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.sebastianschmitt.eu/security/wps-hide-login-1-6-1-protection-bypass-cve-2021-3332"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-3332",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WPS Hide Login 1.6.1 allows remote attackers to bypass a protection mechanism via post_password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.sebastianschmitt.eu/security/wps-hide-login-1-6-1-protection-bypass-cve-2021-3332",
"refsource": "MISC",
"url": "https://blog.sebastianschmitt.eu/security/wps-hide-login-1-6-1-protection-bypass-cve-2021-3332"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-3332",
"datePublished": "2021-03-01T20:22:58",
"dateReserved": "2021-01-27T00:00:00",
"dateUpdated": "2024-08-03T16:53:17.417Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-9498 (GCVE-0-2015-9498)
Vulnerability from nvd – Published: 2019-10-22 20:36 – Updated: 2024-08-06 08:51
VLAI?
Summary
The wps-hide-login plugin before 1.1 for WordPress has CSRF that affects saving an option value.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:51:05.274Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpvulndb.com/vulnerabilities/8011"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wordpress.org/plugins/wps-hide-login/#developers"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The wps-hide-login plugin before 1.1 for WordPress has CSRF that affects saving an option value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-22T20:36:32",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpvulndb.com/vulnerabilities/8011"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wordpress.org/plugins/wps-hide-login/#developers"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-9498",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The wps-hide-login plugin before 1.1 for WordPress has CSRF that affects saving an option value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpvulndb.com/vulnerabilities/8011",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/8011"
},
{
"name": "https://wordpress.org/plugins/wps-hide-login/#developers",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/wps-hide-login/#developers"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-9498",
"datePublished": "2019-10-22T20:36:32",
"dateReserved": "2019-10-14T00:00:00",
"dateUpdated": "2024-08-06T08:51:05.274Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15826 (GCVE-0-2019-15826)
Vulnerability from nvd – Published: 2019-08-30 12:59 – Updated: 2024-08-05 00:56
VLAI?
Summary
The wps-hide-login plugin before 1.5.3 for WordPress has a protection bypass via wp-login.php in the Referer field.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:56:22.485Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpvulndb.com/vulnerabilities/9469"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/wps-hide-login/#developers"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The wps-hide-login plugin before 1.5.3 for WordPress has a protection bypass via wp-login.php in the Referer field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-31T04:06:06",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpvulndb.com/vulnerabilities/9469"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/wps-hide-login/#developers"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15826",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The wps-hide-login plugin before 1.5.3 for WordPress has a protection bypass via wp-login.php in the Referer field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpvulndb.com/vulnerabilities/9469",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/9469"
},
{
"name": "https://wordpress.org/plugins/wps-hide-login/#developers",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/wps-hide-login/#developers"
},
{
"name": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/",
"refsource": "MISC",
"url": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-15826",
"datePublished": "2019-08-30T12:59:08",
"dateReserved": "2019-08-29T00:00:00",
"dateUpdated": "2024-08-05T00:56:22.485Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15825 (GCVE-0-2019-15825)
Vulnerability from nvd – Published: 2019-08-30 12:58 – Updated: 2024-08-05 00:56
VLAI?
Summary
The wps-hide-login plugin before 1.5.3 for WordPress has an action=rp&key&login protection bypass.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:56:22.482Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpvulndb.com/vulnerabilities/9469"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/wps-hide-login/#developers"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The wps-hide-login plugin before 1.5.3 for WordPress has an action=rp\u0026key\u0026login protection bypass."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-31T04:06:06",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpvulndb.com/vulnerabilities/9469"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/wps-hide-login/#developers"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15825",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The wps-hide-login plugin before 1.5.3 for WordPress has an action=rp\u0026key\u0026login protection bypass."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpvulndb.com/vulnerabilities/9469",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/9469"
},
{
"name": "https://wordpress.org/plugins/wps-hide-login/#developers",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/wps-hide-login/#developers"
},
{
"name": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/",
"refsource": "MISC",
"url": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-15825",
"datePublished": "2019-08-30T12:58:11",
"dateReserved": "2019-08-29T00:00:00",
"dateUpdated": "2024-08-05T00:56:22.482Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15824 (GCVE-0-2019-15824)
Vulnerability from nvd – Published: 2019-08-30 12:57 – Updated: 2024-08-05 00:56
VLAI?
Summary
The wps-hide-login plugin before 1.5.3 for WordPress has an adminhash protection bypass.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:56:22.751Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpvulndb.com/vulnerabilities/9469"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/wps-hide-login/#developers"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The wps-hide-login plugin before 1.5.3 for WordPress has an adminhash protection bypass."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-31T04:06:06",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpvulndb.com/vulnerabilities/9469"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/wps-hide-login/#developers"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15824",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The wps-hide-login plugin before 1.5.3 for WordPress has an adminhash protection bypass."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpvulndb.com/vulnerabilities/9469",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/9469"
},
{
"name": "https://wordpress.org/plugins/wps-hide-login/#developers",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/wps-hide-login/#developers"
},
{
"name": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/",
"refsource": "MISC",
"url": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-15824",
"datePublished": "2019-08-30T12:57:19",
"dateReserved": "2019-08-29T00:00:00",
"dateUpdated": "2024-08-05T00:56:22.751Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15823 (GCVE-0-2019-15823)
Vulnerability from nvd – Published: 2019-08-30 12:49 – Updated: 2024-08-05 00:56
VLAI?
Summary
The wps-hide-login plugin before 1.5.3 for WordPress has an action=confirmaction protection bypass.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:56:22.463Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpvulndb.com/vulnerabilities/9469"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/wps-hide-login/#developers"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The wps-hide-login plugin before 1.5.3 for WordPress has an action=confirmaction protection bypass."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-31T04:06:06",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpvulndb.com/vulnerabilities/9469"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/wps-hide-login/#developers"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15823",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The wps-hide-login plugin before 1.5.3 for WordPress has an action=confirmaction protection bypass."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpvulndb.com/vulnerabilities/9469",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/9469"
},
{
"name": "https://wordpress.org/plugins/wps-hide-login/#developers",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/wps-hide-login/#developers"
},
{
"name": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/",
"refsource": "MISC",
"url": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-15823",
"datePublished": "2019-08-30T12:49:10",
"dateReserved": "2019-08-29T00:00:00",
"dateUpdated": "2024-08-05T00:56:22.463Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}