Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    22 vulnerabilities by wpserveur

    CVE-2024-6289 (GCVE-0-2024-6289)

    Vulnerability from nvd – Published: 2024-07-15 06:00 – Updated: 2025-08-27 12:00
    VLAI
    Title
    WPS Hide Login < 1.9.16.4 - Hidden Login Page Disclosure
    Summary
    The WPS Hide Login WordPress plugin before 1.9.16.4 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the hidden login page.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    References
    URL Tags
    https://wpscan.com/vulnerability/fd6d0362-df1d-44… exploitvdb-entrytechnical-description
    Impacted products
    Vendor Product Version
    Unknown WPS Hide Login Affected: 0 , < 1.9.16.4 (semver)
    Create a notification for this product.
    wpserveur wps_hide_login Affected: 0 , < 1.9.16.4 (semver)
        cpe:2.3:a:wpserveur:wps_hide_login:-:*:*:*:*:wordpress:*:*
    Create a notification for this product.
    Credits
    Juan Pablo Gomez Postigo WPScan
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:wpserveur:wps_hide_login:-:*:*:*:*:wordpress:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wps_hide_login",
                "vendor": "wpserveur",
                "versions": [
                  {
                    "lessThan": "1.9.16.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.1,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-6289",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-24T19:11:36.635786Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-17T16:06:19.375Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:33:05.447Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "exploit",
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/fd6d0362-df1d-4416-b8b5-6e5d0ce84793/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "WPS Hide Login",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "1.9.16.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Juan Pablo Gomez Postigo"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "WPScan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The WPS Hide Login WordPress plugin before 1.9.16.4 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the hidden login page."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-203 Observable Discrepancy",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-27T12:00:54.025Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "exploit",
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://wpscan.com/vulnerability/fd6d0362-df1d-4416-b8b5-6e5d0ce84793/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WPS Hide Login \u003c 1.9.16.4 - Hidden Login Page Disclosure",
          "x_generator": {
            "engine": "WPScan CVE Generator"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2024-6289",
        "datePublished": "2024-07-15T06:00:06.081Z",
        "dateReserved": "2024-06-24T18:02:54.875Z",
        "dateUpdated": "2025-08-27T12:00:54.025Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-2473 (GCVE-0-2024-2473)

    Vulnerability from nvd – Published: 2024-06-11 02:01 – Updated: 2026-04-08 17:34
    VLAI
    Title
    WPS Hide Login <= 1.9.15.2 - Login Page Disclosure
    Summary
    The WPS Hide Login plugin for WordPress is vulnerable to Login Page Disclosure in all versions up to, and including, 1.9.15.2. This is due to a bypass that is created when the 'action=postpass' parameter is supplied. This makes it possible for attackers to easily discover any login page that may have been hidden by the plugin.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    Impacted products
    Vendor Product Version
    tabrisrp WPS Hide Login Affected: 0 , ≤ 1.9.15.2 (semver)
    Create a notification for this product.
    Credits
    Nicholas Mun Sélim Lanouar
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-2473",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-11T15:56:05.094629Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-11T15:56:14.121Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T19:11:53.674Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fd21c7d3-a5f1-4c3a-b6ab-0a979f070a62?source=cve"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/changeset/3099109/wps-hide-login"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "WPS Hide Login",
              "vendor": "tabrisrp",
              "versions": [
                {
                  "lessThanOrEqual": "1.9.15.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Nicholas Mun"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "S\u00e9lim Lanouar"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The WPS Hide Login plugin for WordPress is vulnerable to Login Page Disclosure in all versions up to, and including, 1.9.15.2. This is due to a bypass that is created when the \u0027action=postpass\u0027 parameter is supplied. This makes it possible for attackers to easily discover any login page that may have been hidden by the plugin."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863 Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:34:54.294Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fd21c7d3-a5f1-4c3a-b6ab-0a979f070a62?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3099109/wps-hide-login"
            },
            {
              "url": "https://github.com/whattheslime/wps-show-login"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-03-19T00:00:00.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2024-06-10T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "WPS Hide Login \u003c= 1.9.15.2 - Login Page Disclosure"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2024-2473",
        "datePublished": "2024-06-11T02:01:58.830Z",
        "dateReserved": "2024-03-14T20:29:38.277Z",
        "dateUpdated": "2026-04-08T17:34:54.294Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2020-36710 (GCVE-0-2020-36710)

    Vulnerability from nvd – Published: 2023-06-07 01:51 – Updated: 2026-04-08 17:01
    VLAI
    Title
    WPS Hide Login <= 1.5.4.2 - Hidden Login Page Location Disclosure
    Summary
    The WPS Hide Login plugin for WordPress is vulnerable to login page disclosure even when the settings of the plugin are set to hide the login page making it possible for unauthenticated attackers to brute force credentials on sites in versions up to, and including, 1.5.4.2.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    Impacted products
    Vendor Product Version
    tabrisrp WPS Hide Login Affected: 0 , ≤ 1.5.4.2 (semver)
    Create a notification for this product.
    Credits
    Jerome Bruandet
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:37:06.354Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7808329f-1688-480c-a83c-c4ab2fa86da6?source=cve"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://blog.nintechnet.com/wordpress-wps-hide-login-fixed-security-issue/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-36710",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-28T00:41:02.573324Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-28T00:55:39.492Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "WPS Hide Login",
              "vendor": "tabrisrp",
              "versions": [
                {
                  "lessThanOrEqual": "1.5.4.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Jerome Bruandet"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The WPS Hide Login plugin for WordPress is vulnerable to login page disclosure even when the settings of the plugin are set to hide the login page making it possible for unauthenticated attackers to brute force credentials on sites in versions up to, and including, 1.5.4.2."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863 Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:01:48.320Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7808329f-1688-480c-a83c-c4ab2fa86da6?source=cve"
            },
            {
              "url": "https://blog.nintechnet.com/wordpress-wps-hide-login-fixed-security-issue/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2020-01-27T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "WPS Hide Login \u003c= 1.5.4.2 - Hidden Login Page Location Disclosure"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2020-36710",
        "datePublished": "2023-06-07T01:51:26.862Z",
        "dateReserved": "2023-06-06T12:49:59.185Z",
        "dateUpdated": "2026-04-08T17:01:48.320Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2021-24917 (GCVE-0-2021-24917)

    Vulnerability from nvd – Published: 2021-12-06 15:55 – Updated: 2024-08-03 19:49
    VLAI
    Title
    WPS Hide Login < 1.9.1 - Protection Bypass with Referer-Header
    Summary
    The WPS Hide Login WordPress plugin before 1.9.1 has a bug which allows to get the secret login page by setting a random referer string and making a request to /wp-admin/options.php as an unauthenticated user.
    Severity
    No CVSS data available.
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    References
    Impacted products
    Vendor Product Version
    Unknown WPS Hide Login Affected: 1.9.1 , < 1.9.1 (custom)
    Create a notification for this product.
    Credits
    Daniel Ruf Thalakus
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:49:13.491Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/15bb711a-7d70-4891-b7a2-c473e3e8b375"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/support/topic/bypass-security-issue/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WPS Hide Login",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "1.9.1",
                  "status": "affected",
                  "version": "1.9.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Daniel Ruf"
            },
            {
              "lang": "en",
              "value": "Thalakus"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The WPS Hide Login WordPress plugin before 1.9.1 has a bug which allows to get the secret login page by setting a random referer string and making a request to /wp-admin/options.php as an unauthenticated user."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863 Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-06T15:55:30.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/15bb711a-7d70-4891-b7a2-c473e3e8b375"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wordpress.org/support/topic/bypass-security-issue/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WPS Hide Login \u003c 1.9.1 - Protection Bypass with Referer-Header",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2021-24917",
              "STATE": "PUBLIC",
              "TITLE": "WPS Hide Login \u003c 1.9.1 - Protection Bypass with Referer-Header"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WPS Hide Login",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "1.9.1",
                                "version_value": "1.9.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Daniel Ruf"
              },
              {
                "lang": "eng",
                "value": "Thalakus"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The WPS Hide Login WordPress plugin before 1.9.1 has a bug which allows to get the secret login page by setting a random referer string and making a request to /wp-admin/options.php as an unauthenticated user."
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-863 Incorrect Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/15bb711a-7d70-4891-b7a2-c473e3e8b375",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/15bb711a-7d70-4891-b7a2-c473e3e8b375"
                },
                {
                  "name": "https://wordpress.org/support/topic/bypass-security-issue/",
                  "refsource": "MISC",
                  "url": "https://wordpress.org/support/topic/bypass-security-issue/"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2021-24917",
        "datePublished": "2021-12-06T15:55:30.000Z",
        "dateReserved": "2021-01-14T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:49:13.491Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-3332 (GCVE-0-2021-3332)

    Vulnerability from nvd – Published: 2021-03-01 20:22 – Updated: 2024-08-03 16:53
    VLAI
    Summary
    WPS Hide Login 1.6.1 allows remote attackers to bypass a protection mechanism via post_password.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T16:53:17.417Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://blog.sebastianschmitt.eu/security/wps-hide-login-1-6-1-protection-bypass-cve-2021-3332"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "WPS Hide Login 1.6.1 allows remote attackers to bypass a protection mechanism via post_password."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-01T20:22:58.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://blog.sebastianschmitt.eu/security/wps-hide-login-1-6-1-protection-bypass-cve-2021-3332"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-3332",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "WPS Hide Login 1.6.1 allows remote attackers to bypass a protection mechanism via post_password."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://blog.sebastianschmitt.eu/security/wps-hide-login-1-6-1-protection-bypass-cve-2021-3332",
                  "refsource": "MISC",
                  "url": "https://blog.sebastianschmitt.eu/security/wps-hide-login-1-6-1-protection-bypass-cve-2021-3332"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-3332",
        "datePublished": "2021-03-01T20:22:58.000Z",
        "dateReserved": "2021-01-27T00:00:00.000Z",
        "dateUpdated": "2024-08-03T16:53:17.417Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-9498 (GCVE-0-2015-9498)

    Vulnerability from nvd – Published: 2019-10-22 20:36 – Updated: 2024-08-06 08:51
    VLAI
    Summary
    The wps-hide-login plugin before 1.1 for WordPress has CSRF that affects saving an option value.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T08:51:05.274Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpvulndb.com/vulnerabilities/8011"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/wps-hide-login/#developers"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The wps-hide-login plugin before 1.1 for WordPress has CSRF that affects saving an option value."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-10-22T20:36:32.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpvulndb.com/vulnerabilities/8011"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wordpress.org/plugins/wps-hide-login/#developers"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-9498",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The wps-hide-login plugin before 1.1 for WordPress has CSRF that affects saving an option value."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpvulndb.com/vulnerabilities/8011",
                  "refsource": "MISC",
                  "url": "https://wpvulndb.com/vulnerabilities/8011"
                },
                {
                  "name": "https://wordpress.org/plugins/wps-hide-login/#developers",
                  "refsource": "CONFIRM",
                  "url": "https://wordpress.org/plugins/wps-hide-login/#developers"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-9498",
        "datePublished": "2019-10-22T20:36:32.000Z",
        "dateReserved": "2019-10-14T00:00:00.000Z",
        "dateUpdated": "2024-08-06T08:51:05.274Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-15826 (GCVE-0-2019-15826)

    Vulnerability from nvd – Published: 2019-08-30 12:59 – Updated: 2024-08-05 00:56
    VLAI
    Summary
    The wps-hide-login plugin before 1.5.3 for WordPress has a protection bypass via wp-login.php in the Referer field.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T00:56:22.485Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpvulndb.com/vulnerabilities/9469"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/wps-hide-login/#developers"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The wps-hide-login plugin before 1.5.3 for WordPress has a protection bypass via wp-login.php in the Referer field."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-31T04:06:06.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpvulndb.com/vulnerabilities/9469"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wordpress.org/plugins/wps-hide-login/#developers"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-15826",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The wps-hide-login plugin before 1.5.3 for WordPress has a protection bypass via wp-login.php in the Referer field."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpvulndb.com/vulnerabilities/9469",
                  "refsource": "MISC",
                  "url": "https://wpvulndb.com/vulnerabilities/9469"
                },
                {
                  "name": "https://wordpress.org/plugins/wps-hide-login/#developers",
                  "refsource": "MISC",
                  "url": "https://wordpress.org/plugins/wps-hide-login/#developers"
                },
                {
                  "name": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/",
                  "refsource": "MISC",
                  "url": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-15826",
        "datePublished": "2019-08-30T12:59:08.000Z",
        "dateReserved": "2019-08-29T00:00:00.000Z",
        "dateUpdated": "2024-08-05T00:56:22.485Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-15825 (GCVE-0-2019-15825)

    Vulnerability from nvd – Published: 2019-08-30 12:58 – Updated: 2024-08-05 00:56
    VLAI
    Summary
    The wps-hide-login plugin before 1.5.3 for WordPress has an action=rp&key&login protection bypass.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T00:56:22.482Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpvulndb.com/vulnerabilities/9469"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/wps-hide-login/#developers"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The wps-hide-login plugin before 1.5.3 for WordPress has an action=rp\u0026key\u0026login protection bypass."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-31T04:06:06.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpvulndb.com/vulnerabilities/9469"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wordpress.org/plugins/wps-hide-login/#developers"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-15825",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The wps-hide-login plugin before 1.5.3 for WordPress has an action=rp\u0026key\u0026login protection bypass."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpvulndb.com/vulnerabilities/9469",
                  "refsource": "MISC",
                  "url": "https://wpvulndb.com/vulnerabilities/9469"
                },
                {
                  "name": "https://wordpress.org/plugins/wps-hide-login/#developers",
                  "refsource": "MISC",
                  "url": "https://wordpress.org/plugins/wps-hide-login/#developers"
                },
                {
                  "name": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/",
                  "refsource": "MISC",
                  "url": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-15825",
        "datePublished": "2019-08-30T12:58:11.000Z",
        "dateReserved": "2019-08-29T00:00:00.000Z",
        "dateUpdated": "2024-08-05T00:56:22.482Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-15824 (GCVE-0-2019-15824)

    Vulnerability from nvd – Published: 2019-08-30 12:57 – Updated: 2024-08-05 00:56
    VLAI
    Summary
    The wps-hide-login plugin before 1.5.3 for WordPress has an adminhash protection bypass.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T00:56:22.751Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpvulndb.com/vulnerabilities/9469"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/wps-hide-login/#developers"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The wps-hide-login plugin before 1.5.3 for WordPress has an adminhash protection bypass."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-31T04:06:06.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpvulndb.com/vulnerabilities/9469"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wordpress.org/plugins/wps-hide-login/#developers"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-15824",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The wps-hide-login plugin before 1.5.3 for WordPress has an adminhash protection bypass."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpvulndb.com/vulnerabilities/9469",
                  "refsource": "MISC",
                  "url": "https://wpvulndb.com/vulnerabilities/9469"
                },
                {
                  "name": "https://wordpress.org/plugins/wps-hide-login/#developers",
                  "refsource": "MISC",
                  "url": "https://wordpress.org/plugins/wps-hide-login/#developers"
                },
                {
                  "name": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/",
                  "refsource": "MISC",
                  "url": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-15824",
        "datePublished": "2019-08-30T12:57:19.000Z",
        "dateReserved": "2019-08-29T00:00:00.000Z",
        "dateUpdated": "2024-08-05T00:56:22.751Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-15823 (GCVE-0-2019-15823)

    Vulnerability from nvd – Published: 2019-08-30 12:49 – Updated: 2024-08-05 00:56
    VLAI
    Summary
    The wps-hide-login plugin before 1.5.3 for WordPress has an action=confirmaction protection bypass.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T00:56:22.463Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpvulndb.com/vulnerabilities/9469"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/wps-hide-login/#developers"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The wps-hide-login plugin before 1.5.3 for WordPress has an action=confirmaction protection bypass."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-31T04:06:06.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpvulndb.com/vulnerabilities/9469"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wordpress.org/plugins/wps-hide-login/#developers"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-15823",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The wps-hide-login plugin before 1.5.3 for WordPress has an action=confirmaction protection bypass."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpvulndb.com/vulnerabilities/9469",
                  "refsource": "MISC",
                  "url": "https://wpvulndb.com/vulnerabilities/9469"
                },
                {
                  "name": "https://wordpress.org/plugins/wps-hide-login/#developers",
                  "refsource": "MISC",
                  "url": "https://wordpress.org/plugins/wps-hide-login/#developers"
                },
                {
                  "name": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/",
                  "refsource": "MISC",
                  "url": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-15823",
        "datePublished": "2019-08-30T12:49:10.000Z",
        "dateReserved": "2019-08-29T00:00:00.000Z",
        "dateUpdated": "2024-08-05T00:56:22.463Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-15822 (GCVE-0-2019-15822)

    Vulnerability from nvd – Published: 2019-08-30 12:42 – Updated: 2024-08-05 00:56
    VLAI
    Summary
    The wps-child-theme-generator plugin before 1.2 for WordPress has classes/helpers.php directory traversal.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T00:56:22.471Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpvulndb.com/vulnerabilities/9470"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/wps-child-theme-generator/#developers"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://secupress.me/blog/wps-child-theme-generator-v1-1-multiples-vulnerabilities/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The wps-child-theme-generator plugin before 1.2 for WordPress has classes/helpers.php directory traversal."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-31T04:06:07.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpvulndb.com/vulnerabilities/9470"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wordpress.org/plugins/wps-child-theme-generator/#developers"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://secupress.me/blog/wps-child-theme-generator-v1-1-multiples-vulnerabilities/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-15822",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The wps-child-theme-generator plugin before 1.2 for WordPress has classes/helpers.php directory traversal."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpvulndb.com/vulnerabilities/9470",
                  "refsource": "MISC",
                  "url": "https://wpvulndb.com/vulnerabilities/9470"
                },
                {
                  "name": "https://wordpress.org/plugins/wps-child-theme-generator/#developers",
                  "refsource": "MISC",
                  "url": "https://wordpress.org/plugins/wps-child-theme-generator/#developers"
                },
                {
                  "name": "https://secupress.me/blog/wps-child-theme-generator-v1-1-multiples-vulnerabilities/",
                  "refsource": "MISC",
                  "url": "https://secupress.me/blog/wps-child-theme-generator-v1-1-multiples-vulnerabilities/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-15822",
        "datePublished": "2019-08-30T12:42:35.000Z",
        "dateReserved": "2019-08-29T00:00:00.000Z",
        "dateUpdated": "2024-08-05T00:56:22.471Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-6289 (GCVE-0-2024-6289)

    Vulnerability from cvelistv5 – Published: 2024-07-15 06:00 – Updated: 2025-08-27 12:00
    VLAI
    Title
    WPS Hide Login < 1.9.16.4 - Hidden Login Page Disclosure
    Summary
    The WPS Hide Login WordPress plugin before 1.9.16.4 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the hidden login page.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    References
    URL Tags
    https://wpscan.com/vulnerability/fd6d0362-df1d-44… exploitvdb-entrytechnical-description
    Impacted products
    Vendor Product Version
    Unknown WPS Hide Login Affected: 0 , < 1.9.16.4 (semver)
    Create a notification for this product.
    wpserveur wps_hide_login Affected: 0 , < 1.9.16.4 (semver)
        cpe:2.3:a:wpserveur:wps_hide_login:-:*:*:*:*:wordpress:*:*
    Create a notification for this product.
    Credits
    Juan Pablo Gomez Postigo WPScan
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:wpserveur:wps_hide_login:-:*:*:*:*:wordpress:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wps_hide_login",
                "vendor": "wpserveur",
                "versions": [
                  {
                    "lessThan": "1.9.16.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.1,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-6289",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-24T19:11:36.635786Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-17T16:06:19.375Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:33:05.447Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "exploit",
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/fd6d0362-df1d-4416-b8b5-6e5d0ce84793/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "WPS Hide Login",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "1.9.16.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Juan Pablo Gomez Postigo"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "WPScan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The WPS Hide Login WordPress plugin before 1.9.16.4 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the hidden login page."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-203 Observable Discrepancy",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-27T12:00:54.025Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "exploit",
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://wpscan.com/vulnerability/fd6d0362-df1d-4416-b8b5-6e5d0ce84793/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WPS Hide Login \u003c 1.9.16.4 - Hidden Login Page Disclosure",
          "x_generator": {
            "engine": "WPScan CVE Generator"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2024-6289",
        "datePublished": "2024-07-15T06:00:06.081Z",
        "dateReserved": "2024-06-24T18:02:54.875Z",
        "dateUpdated": "2025-08-27T12:00:54.025Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-2473 (GCVE-0-2024-2473)

    Vulnerability from cvelistv5 – Published: 2024-06-11 02:01 – Updated: 2026-04-08 17:34
    VLAI
    Title
    WPS Hide Login <= 1.9.15.2 - Login Page Disclosure
    Summary
    The WPS Hide Login plugin for WordPress is vulnerable to Login Page Disclosure in all versions up to, and including, 1.9.15.2. This is due to a bypass that is created when the 'action=postpass' parameter is supplied. This makes it possible for attackers to easily discover any login page that may have been hidden by the plugin.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    Impacted products
    Vendor Product Version
    tabrisrp WPS Hide Login Affected: 0 , ≤ 1.9.15.2 (semver)
    Create a notification for this product.
    Credits
    Nicholas Mun Sélim Lanouar
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-2473",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-11T15:56:05.094629Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-11T15:56:14.121Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T19:11:53.674Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fd21c7d3-a5f1-4c3a-b6ab-0a979f070a62?source=cve"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/changeset/3099109/wps-hide-login"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "WPS Hide Login",
              "vendor": "tabrisrp",
              "versions": [
                {
                  "lessThanOrEqual": "1.9.15.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Nicholas Mun"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "S\u00e9lim Lanouar"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The WPS Hide Login plugin for WordPress is vulnerable to Login Page Disclosure in all versions up to, and including, 1.9.15.2. This is due to a bypass that is created when the \u0027action=postpass\u0027 parameter is supplied. This makes it possible for attackers to easily discover any login page that may have been hidden by the plugin."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863 Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:34:54.294Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fd21c7d3-a5f1-4c3a-b6ab-0a979f070a62?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3099109/wps-hide-login"
            },
            {
              "url": "https://github.com/whattheslime/wps-show-login"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-03-19T00:00:00.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2024-06-10T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "WPS Hide Login \u003c= 1.9.15.2 - Login Page Disclosure"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2024-2473",
        "datePublished": "2024-06-11T02:01:58.830Z",
        "dateReserved": "2024-03-14T20:29:38.277Z",
        "dateUpdated": "2026-04-08T17:34:54.294Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2020-36710 (GCVE-0-2020-36710)

    Vulnerability from cvelistv5 – Published: 2023-06-07 01:51 – Updated: 2026-04-08 17:01
    VLAI
    Title
    WPS Hide Login <= 1.5.4.2 - Hidden Login Page Location Disclosure
    Summary
    The WPS Hide Login plugin for WordPress is vulnerable to login page disclosure even when the settings of the plugin are set to hide the login page making it possible for unauthenticated attackers to brute force credentials on sites in versions up to, and including, 1.5.4.2.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    Impacted products
    Vendor Product Version
    tabrisrp WPS Hide Login Affected: 0 , ≤ 1.5.4.2 (semver)
    Create a notification for this product.
    Credits
    Jerome Bruandet
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:37:06.354Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7808329f-1688-480c-a83c-c4ab2fa86da6?source=cve"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://blog.nintechnet.com/wordpress-wps-hide-login-fixed-security-issue/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-36710",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-28T00:41:02.573324Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-28T00:55:39.492Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "WPS Hide Login",
              "vendor": "tabrisrp",
              "versions": [
                {
                  "lessThanOrEqual": "1.5.4.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Jerome Bruandet"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The WPS Hide Login plugin for WordPress is vulnerable to login page disclosure even when the settings of the plugin are set to hide the login page making it possible for unauthenticated attackers to brute force credentials on sites in versions up to, and including, 1.5.4.2."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863 Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:01:48.320Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7808329f-1688-480c-a83c-c4ab2fa86da6?source=cve"
            },
            {
              "url": "https://blog.nintechnet.com/wordpress-wps-hide-login-fixed-security-issue/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2020-01-27T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "WPS Hide Login \u003c= 1.5.4.2 - Hidden Login Page Location Disclosure"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2020-36710",
        "datePublished": "2023-06-07T01:51:26.862Z",
        "dateReserved": "2023-06-06T12:49:59.185Z",
        "dateUpdated": "2026-04-08T17:01:48.320Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2021-24917 (GCVE-0-2021-24917)

    Vulnerability from cvelistv5 – Published: 2021-12-06 15:55 – Updated: 2024-08-03 19:49
    VLAI
    Title
    WPS Hide Login < 1.9.1 - Protection Bypass with Referer-Header
    Summary
    The WPS Hide Login WordPress plugin before 1.9.1 has a bug which allows to get the secret login page by setting a random referer string and making a request to /wp-admin/options.php as an unauthenticated user.
    Severity
    No CVSS data available.
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    References
    Impacted products
    Vendor Product Version
    Unknown WPS Hide Login Affected: 1.9.1 , < 1.9.1 (custom)
    Create a notification for this product.
    Credits
    Daniel Ruf Thalakus
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:49:13.491Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/15bb711a-7d70-4891-b7a2-c473e3e8b375"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/support/topic/bypass-security-issue/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WPS Hide Login",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "1.9.1",
                  "status": "affected",
                  "version": "1.9.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Daniel Ruf"
            },
            {
              "lang": "en",
              "value": "Thalakus"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The WPS Hide Login WordPress plugin before 1.9.1 has a bug which allows to get the secret login page by setting a random referer string and making a request to /wp-admin/options.php as an unauthenticated user."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863 Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-06T15:55:30.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/15bb711a-7d70-4891-b7a2-c473e3e8b375"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wordpress.org/support/topic/bypass-security-issue/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WPS Hide Login \u003c 1.9.1 - Protection Bypass with Referer-Header",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2021-24917",
              "STATE": "PUBLIC",
              "TITLE": "WPS Hide Login \u003c 1.9.1 - Protection Bypass with Referer-Header"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WPS Hide Login",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "1.9.1",
                                "version_value": "1.9.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Daniel Ruf"
              },
              {
                "lang": "eng",
                "value": "Thalakus"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The WPS Hide Login WordPress plugin before 1.9.1 has a bug which allows to get the secret login page by setting a random referer string and making a request to /wp-admin/options.php as an unauthenticated user."
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-863 Incorrect Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/15bb711a-7d70-4891-b7a2-c473e3e8b375",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/15bb711a-7d70-4891-b7a2-c473e3e8b375"
                },
                {
                  "name": "https://wordpress.org/support/topic/bypass-security-issue/",
                  "refsource": "MISC",
                  "url": "https://wordpress.org/support/topic/bypass-security-issue/"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2021-24917",
        "datePublished": "2021-12-06T15:55:30.000Z",
        "dateReserved": "2021-01-14T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:49:13.491Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-3332 (GCVE-0-2021-3332)

    Vulnerability from cvelistv5 – Published: 2021-03-01 20:22 – Updated: 2024-08-03 16:53
    VLAI
    Summary
    WPS Hide Login 1.6.1 allows remote attackers to bypass a protection mechanism via post_password.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T16:53:17.417Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://blog.sebastianschmitt.eu/security/wps-hide-login-1-6-1-protection-bypass-cve-2021-3332"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "WPS Hide Login 1.6.1 allows remote attackers to bypass a protection mechanism via post_password."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-01T20:22:58.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://blog.sebastianschmitt.eu/security/wps-hide-login-1-6-1-protection-bypass-cve-2021-3332"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-3332",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "WPS Hide Login 1.6.1 allows remote attackers to bypass a protection mechanism via post_password."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://blog.sebastianschmitt.eu/security/wps-hide-login-1-6-1-protection-bypass-cve-2021-3332",
                  "refsource": "MISC",
                  "url": "https://blog.sebastianschmitt.eu/security/wps-hide-login-1-6-1-protection-bypass-cve-2021-3332"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-3332",
        "datePublished": "2021-03-01T20:22:58.000Z",
        "dateReserved": "2021-01-27T00:00:00.000Z",
        "dateUpdated": "2024-08-03T16:53:17.417Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-9498 (GCVE-0-2015-9498)

    Vulnerability from cvelistv5 – Published: 2019-10-22 20:36 – Updated: 2024-08-06 08:51
    VLAI
    Summary
    The wps-hide-login plugin before 1.1 for WordPress has CSRF that affects saving an option value.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T08:51:05.274Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpvulndb.com/vulnerabilities/8011"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/wps-hide-login/#developers"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The wps-hide-login plugin before 1.1 for WordPress has CSRF that affects saving an option value."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-10-22T20:36:32.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpvulndb.com/vulnerabilities/8011"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wordpress.org/plugins/wps-hide-login/#developers"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-9498",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The wps-hide-login plugin before 1.1 for WordPress has CSRF that affects saving an option value."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpvulndb.com/vulnerabilities/8011",
                  "refsource": "MISC",
                  "url": "https://wpvulndb.com/vulnerabilities/8011"
                },
                {
                  "name": "https://wordpress.org/plugins/wps-hide-login/#developers",
                  "refsource": "CONFIRM",
                  "url": "https://wordpress.org/plugins/wps-hide-login/#developers"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-9498",
        "datePublished": "2019-10-22T20:36:32.000Z",
        "dateReserved": "2019-10-14T00:00:00.000Z",
        "dateUpdated": "2024-08-06T08:51:05.274Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-15826 (GCVE-0-2019-15826)

    Vulnerability from cvelistv5 – Published: 2019-08-30 12:59 – Updated: 2024-08-05 00:56
    VLAI
    Summary
    The wps-hide-login plugin before 1.5.3 for WordPress has a protection bypass via wp-login.php in the Referer field.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T00:56:22.485Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpvulndb.com/vulnerabilities/9469"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/wps-hide-login/#developers"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The wps-hide-login plugin before 1.5.3 for WordPress has a protection bypass via wp-login.php in the Referer field."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-31T04:06:06.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpvulndb.com/vulnerabilities/9469"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wordpress.org/plugins/wps-hide-login/#developers"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-15826",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The wps-hide-login plugin before 1.5.3 for WordPress has a protection bypass via wp-login.php in the Referer field."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpvulndb.com/vulnerabilities/9469",
                  "refsource": "MISC",
                  "url": "https://wpvulndb.com/vulnerabilities/9469"
                },
                {
                  "name": "https://wordpress.org/plugins/wps-hide-login/#developers",
                  "refsource": "MISC",
                  "url": "https://wordpress.org/plugins/wps-hide-login/#developers"
                },
                {
                  "name": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/",
                  "refsource": "MISC",
                  "url": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-15826",
        "datePublished": "2019-08-30T12:59:08.000Z",
        "dateReserved": "2019-08-29T00:00:00.000Z",
        "dateUpdated": "2024-08-05T00:56:22.485Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-15825 (GCVE-0-2019-15825)

    Vulnerability from cvelistv5 – Published: 2019-08-30 12:58 – Updated: 2024-08-05 00:56
    VLAI
    Summary
    The wps-hide-login plugin before 1.5.3 for WordPress has an action=rp&key&login protection bypass.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T00:56:22.482Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpvulndb.com/vulnerabilities/9469"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/wps-hide-login/#developers"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The wps-hide-login plugin before 1.5.3 for WordPress has an action=rp\u0026key\u0026login protection bypass."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-31T04:06:06.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpvulndb.com/vulnerabilities/9469"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wordpress.org/plugins/wps-hide-login/#developers"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-15825",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The wps-hide-login plugin before 1.5.3 for WordPress has an action=rp\u0026key\u0026login protection bypass."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpvulndb.com/vulnerabilities/9469",
                  "refsource": "MISC",
                  "url": "https://wpvulndb.com/vulnerabilities/9469"
                },
                {
                  "name": "https://wordpress.org/plugins/wps-hide-login/#developers",
                  "refsource": "MISC",
                  "url": "https://wordpress.org/plugins/wps-hide-login/#developers"
                },
                {
                  "name": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/",
                  "refsource": "MISC",
                  "url": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-15825",
        "datePublished": "2019-08-30T12:58:11.000Z",
        "dateReserved": "2019-08-29T00:00:00.000Z",
        "dateUpdated": "2024-08-05T00:56:22.482Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-15824 (GCVE-0-2019-15824)

    Vulnerability from cvelistv5 – Published: 2019-08-30 12:57 – Updated: 2024-08-05 00:56
    VLAI
    Summary
    The wps-hide-login plugin before 1.5.3 for WordPress has an adminhash protection bypass.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T00:56:22.751Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpvulndb.com/vulnerabilities/9469"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/wps-hide-login/#developers"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The wps-hide-login plugin before 1.5.3 for WordPress has an adminhash protection bypass."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-31T04:06:06.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpvulndb.com/vulnerabilities/9469"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wordpress.org/plugins/wps-hide-login/#developers"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-15824",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The wps-hide-login plugin before 1.5.3 for WordPress has an adminhash protection bypass."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpvulndb.com/vulnerabilities/9469",
                  "refsource": "MISC",
                  "url": "https://wpvulndb.com/vulnerabilities/9469"
                },
                {
                  "name": "https://wordpress.org/plugins/wps-hide-login/#developers",
                  "refsource": "MISC",
                  "url": "https://wordpress.org/plugins/wps-hide-login/#developers"
                },
                {
                  "name": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/",
                  "refsource": "MISC",
                  "url": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-15824",
        "datePublished": "2019-08-30T12:57:19.000Z",
        "dateReserved": "2019-08-29T00:00:00.000Z",
        "dateUpdated": "2024-08-05T00:56:22.751Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-15823 (GCVE-0-2019-15823)

    Vulnerability from cvelistv5 – Published: 2019-08-30 12:49 – Updated: 2024-08-05 00:56
    VLAI
    Summary
    The wps-hide-login plugin before 1.5.3 for WordPress has an action=confirmaction protection bypass.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T00:56:22.463Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpvulndb.com/vulnerabilities/9469"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/wps-hide-login/#developers"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The wps-hide-login plugin before 1.5.3 for WordPress has an action=confirmaction protection bypass."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-31T04:06:06.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpvulndb.com/vulnerabilities/9469"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wordpress.org/plugins/wps-hide-login/#developers"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-15823",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The wps-hide-login plugin before 1.5.3 for WordPress has an action=confirmaction protection bypass."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpvulndb.com/vulnerabilities/9469",
                  "refsource": "MISC",
                  "url": "https://wpvulndb.com/vulnerabilities/9469"
                },
                {
                  "name": "https://wordpress.org/plugins/wps-hide-login/#developers",
                  "refsource": "MISC",
                  "url": "https://wordpress.org/plugins/wps-hide-login/#developers"
                },
                {
                  "name": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/",
                  "refsource": "MISC",
                  "url": "https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-15823",
        "datePublished": "2019-08-30T12:49:10.000Z",
        "dateReserved": "2019-08-29T00:00:00.000Z",
        "dateUpdated": "2024-08-05T00:56:22.463Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-15822 (GCVE-0-2019-15822)

    Vulnerability from cvelistv5 – Published: 2019-08-30 12:42 – Updated: 2024-08-05 00:56
    VLAI
    Summary
    The wps-child-theme-generator plugin before 1.2 for WordPress has classes/helpers.php directory traversal.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T00:56:22.471Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpvulndb.com/vulnerabilities/9470"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/wps-child-theme-generator/#developers"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://secupress.me/blog/wps-child-theme-generator-v1-1-multiples-vulnerabilities/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The wps-child-theme-generator plugin before 1.2 for WordPress has classes/helpers.php directory traversal."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-31T04:06:07.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpvulndb.com/vulnerabilities/9470"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wordpress.org/plugins/wps-child-theme-generator/#developers"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://secupress.me/blog/wps-child-theme-generator-v1-1-multiples-vulnerabilities/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-15822",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The wps-child-theme-generator plugin before 1.2 for WordPress has classes/helpers.php directory traversal."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpvulndb.com/vulnerabilities/9470",
                  "refsource": "MISC",
                  "url": "https://wpvulndb.com/vulnerabilities/9470"
                },
                {
                  "name": "https://wordpress.org/plugins/wps-child-theme-generator/#developers",
                  "refsource": "MISC",
                  "url": "https://wordpress.org/plugins/wps-child-theme-generator/#developers"
                },
                {
                  "name": "https://secupress.me/blog/wps-child-theme-generator-v1-1-multiples-vulnerabilities/",
                  "refsource": "MISC",
                  "url": "https://secupress.me/blog/wps-child-theme-generator-v1-1-multiples-vulnerabilities/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-15822",
        "datePublished": "2019-08-30T12:42:35.000Z",
        "dateReserved": "2019-08-29T00:00:00.000Z",
        "dateUpdated": "2024-08-05T00:56:22.471Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }