CVE-2021-24917
WPS Hide Login < 1.9.1 - Protection Bypass with Referer-Header
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
3
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The WPS Hide Login WordPress plugin before 1.9.1 has a bug which allows to get the secret login page by setting a random referer string and making a request to /wp-admin/options.php as an unauthenticated user.
El plugin WPS Hide Login de WordPress versiones anteriores a 1.9.1, presenta un bug que permite conseguir la página secreta de inicio de sesión estableciendo una cadena de referencia aleatoria y haciendo una petición a /wp-admin/options.php como un usuario no autenticado
*Credits:
Daniel Ruf, Thalakus
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-01-14 CVE Reserved
- 2021-10-27 CVE Published
- 2024-01-20 First Exploit
- 2024-08-03 CVE Updated
- 2024-09-16 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-863: Incorrect Authorization
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| https://wordpress.org/support/topic/bypass-security-issue | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://github.com/dikalasenjadatang/CVE-2021-24917 | 2024-01-20 | |
| https://github.com/Cappricio-Securities/CVE-2021-24917 | 2024-06-21 | |
| https://wpscan.com/vulnerability/15bb711a-7d70-4891-b7a2-c473e3e8b375 | 2024-08-03 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Wpserveur Search vendor "Wpserveur" | Wps Hide Login Search vendor "Wpserveur" for product "Wps Hide Login" | < 1.9.1 Search vendor "Wpserveur" for product "Wps Hide Login" and version " < 1.9.1" | wordpress |
Affected
| ||||||