CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-6289 – WPS Hide Login < 1.9.16.4 - Hidden Login Page Disclosure
https://notcve.org/view.php?id=CVE-2024-6289
The WPS Hide Login WordPress plugin before 1.9.16.4 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the hidden login page. El complemento WPS Hide Login WordPress anterior a 1.9.16.4 no impide las redirecciones a la página de inicio de sesión a través de la función auth_redirect de WordPress, lo que permite que un visitante no autenticado acceda a la página de inicio de sesión oculta. The WPS Hide Login plugin for WordPress is vulnerable to Login Page Disclosure in all versions up to, and including, 1.9.16.3. This is due to the plugin not prevent redirects to the login page when gravity forms is installed. This makes it possible for unauthenticated attackers to find the login page when it has been hidden. • https://wpscan.com/vulnerability/fd6d0362-df1d-4416-b8b5-6e5d0ce84793 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-2473 – WPS Hide Login <= 1.9.15.2 - Login Page Disclosure
https://notcve.org/view.php?id=CVE-2024-2473
The WPS Hide Login plugin for WordPress is vulnerable to Login Page Disclosure in all versions up to, and including, 1.9.15.2. This is due to a bypass that is created when the 'action=postpass' parameter is supplied. This makes it possible for attackers to easily discover any login page that may have been hidden by the plugin. El complemento WPS Hide Login para WordPress es vulnerable a la divulgación de la página de inicio de sesión en todas las versiones hasta la 1.9.15.2 incluida. Esto se debe a una omisión que se crea cuando se proporciona el parámetro 'action=postpass'. • https://plugins.trac.wordpress.org/changeset/3099109/wps-hide-login https://www.wordfence.com/threat-intel/vulnerabilities/id/fd21c7d3-a5f1-4c3a-b6ab-0a979f070a62?source=cve • CWE-863: Incorrect Authorization •
CVSS: 3.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49748 – WordPress WPS Hide Login plugin <= 1.9.11 - Secret Login Page Location Disclosure on Multisites vulnerability
https://notcve.org/view.php?id=CVE-2023-49748
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPServeur, NicolasKulka, wpformation WPS Hide Login allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPS Hide Login: from n/a through 1.9.11. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en WPServeur, NicolasKulka, wpformation WPS Hide Login permite acceder a la funcionalidad no restringida adecuadamente por las ACL. Este problema afecta a WPS Hide Login: desde n/a hasta 1.9.11. The WPS Hide Login plugin for WordPress is vulnerable to login page disclosure in all versions up to, and including, 1.9.11. This makes it possible for unauthenticated attackers to bypass an intended security restriction designed to prevent brute force authentication attempts on multi-site installations. • https://patchstack.com/database/vulnerability/wps-hide-login/wordpress-wps-hide-login-plugin-1-9-11-secret-login-page-location-disclosure-on-multisites-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-693: Protection Mechanism Failure •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 3CVE-2021-24917 – WPS Hide Login < 1.9.1 - Protection Bypass with Referer-Header
https://notcve.org/view.php?id=CVE-2021-24917
The WPS Hide Login WordPress plugin before 1.9.1 has a bug which allows to get the secret login page by setting a random referer string and making a request to /wp-admin/options.php as an unauthenticated user. El plugin WPS Hide Login de WordPress versiones anteriores a 1.9.1, presenta un bug que permite conseguir la página secreta de inicio de sesión estableciendo una cadena de referencia aleatoria y haciendo una petición a /wp-admin/options.php como un usuario no autenticado • https://github.com/dikalasenjadatang/CVE-2021-24917 https://github.com/Cappricio-Securities/CVE-2021-24917 https://wordpress.org/support/topic/bypass-security-issue https://wpscan.com/vulnerability/15bb711a-7d70-4891-b7a2-c473e3e8b375 • CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-36710 – WPS Hide Login <= 1.5.4.2 - Hidden Login Page Location Disclosure
https://notcve.org/view.php?id=CVE-2020-36710
The WPS Hide Login plugin for WordPress is vulnerable to login page disclosure even when the settings of the plugin are set to hide the login page making it possible for unauthenticated attackers to brute force credentials on sites in versions up to, and including, 1.5.4.2. • https://blog.nintechnet.com/wordpress-wps-hide-login-fixed-security-issue https://www.wordfence.com/threat-intel/vulnerabilities/id/7808329f-1688-480c-a83c-c4ab2fa86da6?source=cve • CWE-863: Incorrect Authorization •