CVE-2023-51490 – WordPress Defender Security Plugin <= 4.1.0 is vulnerable to Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2023-51490
27 Dec 2023 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPMU DEV Defender Security – Malware Scanner, Login Security & Firewall. This issue affects Defender Security – Malware Scanner, Login Security & Firewall: from n/a through 4.1.0. • https://patchstack.com/database/vulnerability/defender-security/wordpress-defender-security-plugin-4-1-0-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve • CWE-532: Insertion of Sensitive Information into Log File
CVE-2023-5089 – Defender Security < 4.1.0 - Protection Bypass (Hidden Login Page)
https://notcve.org/view.php?id=CVE-2023-5089
06 Sep 2023 — The Defender Security WordPress plugin before 4.1.0 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the login page, even when the hide login page functionality of the plugin is enabled. • https://github.com/Cappricio-Securities/CVE-2023-5089 • CWE-693: Protection Mechanism Failure
CVE-2021-4425 – Defender Security <= 2.4.6 - Cross-Site Request Forgery Bypass
https://notcve.org/view.php?id=CVE-2021-4425
01 Mar 2021 — The Defender Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.6. This is due to missing or incorrect nonce validation on the verify_otp_login_time() function. This makes it possible for unauthenticated attackers to verify a one-time login via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link. • https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks • CWE-352: Cross-Site Request Forgery (CSRF)