Page 2 of 10 results (0.004 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

The wps-hide-login plugin before 1.5.3 for WordPress has a protection bypass via wp-login.php in the Referer field. El plugin wps-hide-login anterior a la versión 1.5.3 para WordPress tiene un bypass de protección a través de wp-login.php en el campo Referer. The wps-hide-login plugin before 1.5.3 for WordPress has a protection bypass via wp-login.php in the Referer field. The WPS Hide Login plugin for WordPress is vulnerable to login page disclosure in versions up to, and including, 1.5.2.2. This is due to a bypass that is created when wp-login.php?action=postpass is supplied via the 'Referer' header. • https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities https://wordpress.org/plugins/wps-hide-login/#developers https://wpvulndb.com/vulnerabilities/9469 • CWE-693: Protection Mechanism Failure •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

The wps-hide-login plugin before 1.5.3 for WordPress has an action=confirmaction protection bypass. El plugin wps-hide-login anterior a la versión 1.5.3 para WordPress tiene un bypass de protección acción = confirmación. The WPS Hide Login plugin for WordPress is vulnerable to login page disclosure in versions up to, and including, 1.5.2.2. This is due to a bypass that is created when the 'action=confirmaction' parameter is supplied. This makes it possible for attackers to easily discover any login page that may have been hidden by the plugin. • https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities https://wordpress.org/plugins/wps-hide-login/#developers https://wpvulndb.com/vulnerabilities/9469 • CWE-285: Improper Authorization •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

The wps-hide-login plugin before 1.5.3 for WordPress has an action=rp&key&login protection bypass. El complemento wps-hide-login antes de 1.5.3 para WordPress tiene una acción = rp & key & bypass de protección de inicio de sesión. The WPS Hide Login plugin for WordPress is vulnerable to login page disclosure in versions up to, and including, 1.5.2.2. This is due to a bypass that is created when the 'action=rp&key&login' parameters are supplied. This makes it possible for attackers to easily discover any login page that may have been hidden by the plugin. • https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities https://wordpress.org/plugins/wps-hide-login/#developers https://wpvulndb.com/vulnerabilities/9469 • CWE-693: Protection Mechanism Failure •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

The wps-hide-login plugin before 1.5.3 for WordPress has an adminhash protection bypass. El plugin wps-hide-login anterior a la versión 1.5.3 para WordPress tiene un bypass de protección adminhash. The WPS Hide Login plugin for WordPress is vulnerable to login page disclosure in versions up to, and including, 1.5.2.2. This is due to a bypass that is created when the 'adminhash' parameter is supplied. This makes it possible for attackers to easily discover any login page that may have been hidden by the plugin. • https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities https://wordpress.org/plugins/wps-hide-login/#developers https://wpvulndb.com/vulnerabilities/9469 • CWE-693: Protection Mechanism Failure •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

The wps-hide-login plugin before 1.1 for WordPress has CSRF that affects saving an option value. El plugin wps-hide-login versiones anteriores a 1.1 para WordPress, presenta una vulnerabilidad de tipo CSRF que afecta el almacenamiento de un valor de opción. • https://wordpress.org/plugins/wps-hide-login/#developers https://wpvulndb.com/vulnerabilities/8011 • CWE-352: Cross-Site Request Forgery (CSRF) •