Search criteria
11 vulnerabilities by wpserveur
CVE-2024-6289 (GCVE-0-2024-6289)
Vulnerability from cvelistv5 – Published: 2024-07-15 06:00 – Updated: 2025-08-27 12:00
VLAI?
Title
WPS Hide Login < 1.9.16.4 - Hidden Login Page Disclosure
Summary
The WPS Hide Login WordPress plugin before 1.9.16.4 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the hidden login page.
Severity ?
6.1 (Medium)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | WPS Hide Login |
Affected:
0 , < 1.9.16.4
(semver)
|
Credits
Juan Pablo Gomez Postigo
WPScan
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:wpserveur:wps_hide_login:-:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unknown",
"product": "wps_hide_login",
"vendor": "wpserveur",
"versions": [
{
"lessThan": "1.9.16.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-6289",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-24T19:11:36.635786Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-17T16:06:19.375Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:33:05.447Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/fd6d0362-df1d-4416-b8b5-6e5d0ce84793/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WPS Hide Login",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.9.16.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Juan Pablo Gomez Postigo"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WPS Hide Login WordPress plugin before 1.9.16.4 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the hidden login page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-203 Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T12:00:54.025Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/fd6d0362-df1d-4416-b8b5-6e5d0ce84793/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WPS Hide Login \u003c 1.9.16.4 - Hidden Login Page Disclosure",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2024-6289",
"datePublished": "2024-07-15T06:00:06.081Z",
"dateReserved": "2024-06-24T18:02:54.875Z",
"dateUpdated": "2025-08-27T12:00:54.025Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2473 (GCVE-0-2024-2473)
Vulnerability from cvelistv5 – Published: 2024-06-11 02:01 – Updated: 2024-08-01 19:11
VLAI?
Title
WPS Hide Login <= 1.9.15.2 - Login Page Disclosure
Summary
The WPS Hide Login plugin for WordPress is vulnerable to Login Page Disclosure in all versions up to, and including, 1.9.15.2. This is due to a bypass that is created when the 'action=postpass' parameter is supplied. This makes it possible for attackers to easily discover any login page that may have been hidden by the plugin.
Severity ?
5.3 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| tabrisrp | WPS Hide Login |
Affected:
* , ≤ 1.9.15.2
(semver)
|
Credits
Nicholas Mun
Sélim Lanouar
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2473",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-11T15:56:05.094629Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T15:56:14.121Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:11:53.674Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fd21c7d3-a5f1-4c3a-b6ab-0a979f070a62?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/3099109/wps-hide-login"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WPS Hide Login",
"vendor": "tabrisrp",
"versions": [
{
"lessThanOrEqual": "1.9.15.2",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nicholas Mun"
},
{
"lang": "en",
"type": "finder",
"value": "S\u00e9lim Lanouar"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WPS Hide Login plugin for WordPress is vulnerable to Login Page Disclosure in all versions up to, and including, 1.9.15.2. This is due to a bypass that is created when the \u0027action=postpass\u0027 parameter is supplied. This makes it possible for attackers to easily discover any login page that may have been hidden by the plugin."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-863 Incorrect Authorization",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T02:01:58.830Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fd21c7d3-a5f1-4c3a-b6ab-0a979f070a62?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3099109/wps-hide-login"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-19T00:00:00.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2024-06-10T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "WPS Hide Login \u003c= 1.9.15.2 - Login Page Disclosure"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-2473",
"datePublished": "2024-06-11T02:01:58.830Z",
"dateReserved": "2024-03-14T20:29:38.277Z",
"dateUpdated": "2024-08-01T19:11:53.674Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-36710 (GCVE-0-2020-36710)
Vulnerability from cvelistv5 – Published: 2023-06-07 01:51 – Updated: 2024-12-28 00:55
VLAI?
Summary
The WPS Hide Login plugin for WordPress is vulnerable to login page disclosure even when the settings of the plugin are set to hide the login page making it possible for unauthenticated attackers to brute force credentials on sites in versions up to, and including, 1.5.4.2.
Severity ?
5.3 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| tabrisrp | WPS Hide Login |
Affected:
* , ≤ 1.5.4.2
(semver)
|
Credits
Jerome Bruandet
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:37:06.354Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7808329f-1688-480c-a83c-c4ab2fa86da6?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.nintechnet.com/wordpress-wps-hide-login-fixed-security-issue/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-36710",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-28T00:41:02.573324Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-28T00:55:39.492Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WPS Hide Login",
"vendor": "tabrisrp",
"versions": [
{
"lessThanOrEqual": "1.5.4.2",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jerome Bruandet"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WPS Hide Login plugin for WordPress is vulnerable to login page disclosure even when the settings of the plugin are set to hide the login page making it possible for unauthenticated attackers to brute force credentials on sites in versions up to, and including, 1.5.4.2."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-863 Incorrect Authorization",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-07T01:51:26.862Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7808329f-1688-480c-a83c-c4ab2fa86da6?source=cve"
},
{
"url": "https://blog.nintechnet.com/wordpress-wps-hide-login-fixed-security-issue/"
}
],
"timeline": [
{
"lang": "en",
"time": "2020-01-27T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2020-36710",
"datePublished": "2023-06-07T01:51:26.862Z",
"dateReserved": "2023-06-06T12:49:59.185Z",
"dateUpdated": "2024-12-28T00:55:39.492Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24917 (GCVE-0-2021-24917)
Vulnerability from cvelistv5 – Published: 2021-12-06 15:55 – Updated: 2024-08-03 19:49
VLAI?
Title
WPS Hide Login < 1.9.1 - Protection Bypass with Referer-Header
Summary
The WPS Hide Login WordPress plugin before 1.9.1 has a bug which allows to get the secret login page by setting a random referer string and making a request to /wp-admin/options.php as an unauthenticated user.
Severity ?
No CVSS data available.
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | WPS Hide Login |
Affected:
1.9.1 , < 1.9.1
(custom)
|
Credits
Daniel Ruf
Thalakus
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:49:13.491Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/15bb711a-7d70-4891-b7a2-c473e3e8b375"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/support/topic/bypass-security-issue/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WPS Hide Login",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.9.1",
"status": "affected",
"version": "1.9.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Daniel Ruf"
},
{
"lang": "en",
"value": "Thalakus"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WPS Hide Login WordPress plugin before 1.9.1 has a bug which allows to get the secret login page by setting a random referer string and making a request to /wp-admin/options.php as an unauthenticated user."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-06T15:55:30",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/15bb711a-7d70-4891-b7a2-c473e3e8b375"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/support/topic/bypass-security-issue/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WPS Hide Login \u003c 1.9.1 - Protection Bypass with Referer-Header",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24917",
"STATE": "PUBLIC",
"TITLE": "WPS Hide Login \u003c 1.9.1 - Protection Bypass with Referer-Header"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WPS Hide Login",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.9.1",
"version_value": "1.9.1"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Daniel Ruf"
},
{
"lang": "eng",
"value": "Thalakus"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WPS Hide Login WordPress plugin before 1.9.1 has a bug which allows to get the secret login page by setting a random referer string and making a request to /wp-admin/options.php as an unauthenticated user."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863 Incorrect Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/15bb711a-7d70-4891-b7a2-c473e3e8b375",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/15bb711a-7d70-4891-b7a2-c473e3e8b375"
},
{
"name": "https://wordpress.org/support/topic/bypass-security-issue/",
"refsource": "MISC",
"url": "https://wordpress.org/support/topic/bypass-security-issue/"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24917",
"datePublished": "2021-12-06T15:55:30",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:49:13.491Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3332 (GCVE-0-2021-3332)
Vulnerability from cvelistv5 – Published: 2021-03-01 20:22 – Updated: 2024-08-03 16:53
VLAI?
Summary
WPS Hide Login 1.6.1 allows remote attackers to bypass a protection mechanism via post_password.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:53:17.417Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.sebastianschmitt.eu/security/wps-hide-login-1-6-1-protection-bypass-cve-2021-3332"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "WPS Hide Login 1.6.1 allows remote attackers to bypass a protection mechanism via post_password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-01T20:22:58",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.sebastianschmitt.eu/security/wps-hide-login-1-6-1-protection-bypass-cve-2021-3332"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-3332",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WPS Hide Login 1.6.1 allows remote attackers to bypass a protection mechanism via post_password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.sebastianschmitt.eu/security/wps-hide-login-1-6-1-protection-bypass-cve-2021-3332",
"refsource": "MISC",
"url": "https://blog.sebastianschmitt.eu/security/wps-hide-login-1-6-1-protection-bypass-cve-2021-3332"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-3332",
"datePublished": "2021-03-01T20:22:58",
"dateReserved": "2021-01-27T00:00:00",
"dateUpdated": "2024-08-03T16:53:17.417Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-9498 (GCVE-0-2015-9498)
Vulnerability from cvelistv5 – Published: 2019-10-22 20:36 – Updated: 2024-08-06 08:51
VLAI?
Summary
The wps-hide-login plugin before 1.1 for WordPress has CSRF that affects saving an option value.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:51:05.274Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpvulndb.com/vulnerabilities/8011"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wordpress.org/plugins/wps-hide-login/#developers"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The wps-hide-login plugin before 1.1 for WordPress has CSRF that affects saving an option value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-22T20:36:32",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpvulndb.com/vulnerabilities/8011"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wordpress.org/plugins/wps-hide-login/#developers"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-9498",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The wps-hide-login plugin before 1.1 for WordPress has CSRF that affects saving an option value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpvulndb.com/vulnerabilities/8011",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/8011"
},
{
"name": "https://wordpress.org/plugins/wps-hide-login/#developers",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/wps-hide-login/#developers"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-9498",
"datePublished": "2019-10-22T20:36:32",
"dateReserved": "2019-10-14T00:00:00",
"dateUpdated": "2024-08-06T08:51:05.274Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15826 (GCVE-0-2019-15826)
Vulnerability from cvelistv5 – Published: 2019-08-30 12:59 – Updated: 2024-08-05 00:56
VLAI?
Summary
The wps-hide-login plugin before 1.5.3 for WordPress has a protection bypass via wp-login.php in the Referer field.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:56:22.485Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpvulndb.com/vulnerabilities/9469"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/wps-hide-login/#developers"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The wps-hide-login plugin before 1.5.3 for WordPress has a protection bypass via wp-login.php in the Referer field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-31T04:06:06",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpvulndb.com/vulnerabilities/9469"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/wps-hide-login/#developers"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15826",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The wps-hide-login plugin before 1.5.3 for WordPress has a protection bypass via wp-login.php in the Referer field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpvulndb.com/vulnerabilities/9469",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/9469"
},
{
"name": "https://wordpress.org/plugins/wps-hide-login/#developers",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/wps-hide-login/#developers"
},
{
"name": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/",
"refsource": "MISC",
"url": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-15826",
"datePublished": "2019-08-30T12:59:08",
"dateReserved": "2019-08-29T00:00:00",
"dateUpdated": "2024-08-05T00:56:22.485Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15825 (GCVE-0-2019-15825)
Vulnerability from cvelistv5 – Published: 2019-08-30 12:58 – Updated: 2024-08-05 00:56
VLAI?
Summary
The wps-hide-login plugin before 1.5.3 for WordPress has an action=rp&key&login protection bypass.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:56:22.482Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpvulndb.com/vulnerabilities/9469"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/wps-hide-login/#developers"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The wps-hide-login plugin before 1.5.3 for WordPress has an action=rp\u0026key\u0026login protection bypass."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-31T04:06:06",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpvulndb.com/vulnerabilities/9469"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/wps-hide-login/#developers"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15825",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The wps-hide-login plugin before 1.5.3 for WordPress has an action=rp\u0026key\u0026login protection bypass."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpvulndb.com/vulnerabilities/9469",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/9469"
},
{
"name": "https://wordpress.org/plugins/wps-hide-login/#developers",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/wps-hide-login/#developers"
},
{
"name": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/",
"refsource": "MISC",
"url": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-15825",
"datePublished": "2019-08-30T12:58:11",
"dateReserved": "2019-08-29T00:00:00",
"dateUpdated": "2024-08-05T00:56:22.482Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15824 (GCVE-0-2019-15824)
Vulnerability from cvelistv5 – Published: 2019-08-30 12:57 – Updated: 2024-08-05 00:56
VLAI?
Summary
The wps-hide-login plugin before 1.5.3 for WordPress has an adminhash protection bypass.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:56:22.751Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpvulndb.com/vulnerabilities/9469"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/wps-hide-login/#developers"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The wps-hide-login plugin before 1.5.3 for WordPress has an adminhash protection bypass."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-31T04:06:06",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpvulndb.com/vulnerabilities/9469"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/wps-hide-login/#developers"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15824",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The wps-hide-login plugin before 1.5.3 for WordPress has an adminhash protection bypass."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpvulndb.com/vulnerabilities/9469",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/9469"
},
{
"name": "https://wordpress.org/plugins/wps-hide-login/#developers",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/wps-hide-login/#developers"
},
{
"name": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/",
"refsource": "MISC",
"url": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-15824",
"datePublished": "2019-08-30T12:57:19",
"dateReserved": "2019-08-29T00:00:00",
"dateUpdated": "2024-08-05T00:56:22.751Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15823 (GCVE-0-2019-15823)
Vulnerability from cvelistv5 – Published: 2019-08-30 12:49 – Updated: 2024-08-05 00:56
VLAI?
Summary
The wps-hide-login plugin before 1.5.3 for WordPress has an action=confirmaction protection bypass.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:56:22.463Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpvulndb.com/vulnerabilities/9469"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/wps-hide-login/#developers"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The wps-hide-login plugin before 1.5.3 for WordPress has an action=confirmaction protection bypass."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-31T04:06:06",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpvulndb.com/vulnerabilities/9469"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/wps-hide-login/#developers"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15823",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The wps-hide-login plugin before 1.5.3 for WordPress has an action=confirmaction protection bypass."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpvulndb.com/vulnerabilities/9469",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/9469"
},
{
"name": "https://wordpress.org/plugins/wps-hide-login/#developers",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/wps-hide-login/#developers"
},
{
"name": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/",
"refsource": "MISC",
"url": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-15823",
"datePublished": "2019-08-30T12:49:10",
"dateReserved": "2019-08-29T00:00:00",
"dateUpdated": "2024-08-05T00:56:22.463Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15822 (GCVE-0-2019-15822)
Vulnerability from cvelistv5 – Published: 2019-08-30 12:42 – Updated: 2024-08-05 00:56
VLAI?
Summary
The wps-child-theme-generator plugin before 1.2 for WordPress has classes/helpers.php directory traversal.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:56:22.471Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpvulndb.com/vulnerabilities/9470"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/wps-child-theme-generator/#developers"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://secupress.me/blog/wps-child-theme-generator-v1-1-multiples-vulnerabilities/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The wps-child-theme-generator plugin before 1.2 for WordPress has classes/helpers.php directory traversal."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-31T04:06:07",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpvulndb.com/vulnerabilities/9470"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/wps-child-theme-generator/#developers"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://secupress.me/blog/wps-child-theme-generator-v1-1-multiples-vulnerabilities/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15822",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The wps-child-theme-generator plugin before 1.2 for WordPress has classes/helpers.php directory traversal."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpvulndb.com/vulnerabilities/9470",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/9470"
},
{
"name": "https://wordpress.org/plugins/wps-child-theme-generator/#developers",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/wps-child-theme-generator/#developers"
},
{
"name": "https://secupress.me/blog/wps-child-theme-generator-v1-1-multiples-vulnerabilities/",
"refsource": "MISC",
"url": "https://secupress.me/blog/wps-child-theme-generator-v1-1-multiples-vulnerabilities/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-15822",
"datePublished": "2019-08-30T12:42:35",
"dateReserved": "2019-08-29T00:00:00",
"dateUpdated": "2024-08-05T00:56:22.471Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}