CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-36710 – WPS Hide Login <= 1.5.4.2 - Hidden Login Page Location Disclosure
https://notcve.org/view.php?id=CVE-2020-36710
The WPS Hide Login plugin for WordPress is vulnerable to login page disclosure even when the settings of the plugin are set to hide the login page making it possible for unauthenticated attackers to brute force credentials on sites in versions up to, and including, 1.5.4.2. • https://blog.nintechnet.com/wordpress-wps-hide-login-fixed-security-issue https://www.wordfence.com/threat-intel/vulnerabilities/id/7808329f-1688-480c-a83c-c4ab2fa86da6?source=cve • CWE-863: Incorrect Authorization •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-15823 – WPS Hide Login <= 1.5.2.2 - Login Page Disclosure via 'action=confirmaction'
https://notcve.org/view.php?id=CVE-2019-15823
The wps-hide-login plugin before 1.5.3 for WordPress has an action=confirmaction protection bypass. El plugin wps-hide-login anterior a la versión 1.5.3 para WordPress tiene un bypass de protección acción = confirmación. The WPS Hide Login plugin for WordPress is vulnerable to login page disclosure in versions up to, and including, 1.5.2.2. This is due to a bypass that is created when the 'action=confirmaction' parameter is supplied. This makes it possible for attackers to easily discover any login page that may have been hidden by the plugin. • https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities https://wordpress.org/plugins/wps-hide-login/#developers https://wpvulndb.com/vulnerabilities/9469 • CWE-285: Improper Authorization •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-15825 – WPS Hide Login <= 1.5.2.2 - Login Page Disclosure via 'action=rp'
https://notcve.org/view.php?id=CVE-2019-15825
The wps-hide-login plugin before 1.5.3 for WordPress has an action=rp&key&login protection bypass. El complemento wps-hide-login antes de 1.5.3 para WordPress tiene una acción = rp & key & bypass de protección de inicio de sesión. The WPS Hide Login plugin for WordPress is vulnerable to login page disclosure in versions up to, and including, 1.5.2.2. This is due to a bypass that is created when the 'action=rp&key&login' parameters are supplied. This makes it possible for attackers to easily discover any login page that may have been hidden by the plugin. • https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities https://wordpress.org/plugins/wps-hide-login/#developers https://wpvulndb.com/vulnerabilities/9469 • CWE-693: Protection Mechanism Failure •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-15826 – WPS Hide Login <= 1.5.2.2 - Login Page Disclosure via Referer Header
https://notcve.org/view.php?id=CVE-2019-15826
The wps-hide-login plugin before 1.5.3 for WordPress has a protection bypass via wp-login.php in the Referer field. El plugin wps-hide-login anterior a la versión 1.5.3 para WordPress tiene un bypass de protección a través de wp-login.php en el campo Referer. The wps-hide-login plugin before 1.5.3 for WordPress has a protection bypass via wp-login.php in the Referer field. The WPS Hide Login plugin for WordPress is vulnerable to login page disclosure in versions up to, and including, 1.5.2.2. This is due to a bypass that is created when wp-login.php?action=postpass is supplied via the 'Referer' header. • https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities https://wordpress.org/plugins/wps-hide-login/#developers https://wpvulndb.com/vulnerabilities/9469 • CWE-693: Protection Mechanism Failure •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-15824 – WPS Hide Login <= 1.5.2.2 - Login Page Disclosure via 'adminhash'
https://notcve.org/view.php?id=CVE-2019-15824
The wps-hide-login plugin before 1.5.3 for WordPress has an adminhash protection bypass. El plugin wps-hide-login anterior a la versión 1.5.3 para WordPress tiene un bypass de protección adminhash. The WPS Hide Login plugin for WordPress is vulnerable to login page disclosure in versions up to, and including, 1.5.2.2. This is due to a bypass that is created when the 'adminhash' parameter is supplied. This makes it possible for attackers to easily discover any login page that may have been hidden by the plugin. • https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities https://wordpress.org/plugins/wps-hide-login/#developers https://wpvulndb.com/vulnerabilities/9469 • CWE-693: Protection Mechanism Failure •