Lucene search
HistoryOct 16, 2023 - 8:15 p.m.
CVE-2023-5089
cve-2023-5089
redirects
auth_redirect
unauthenticated access
login page
plugin vulnerability
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS
0.002
Percentile
52.6%
The Defender Security WordPress plugin before 4.1.0 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the login page, even when the hide login page functionality of the plugin is enabled.
Affected configurations
Node
wpmudevdefender_securityRange<4.1.0wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| wpmudev | defender_security | * | cpe:2.3:a:wpmudev:defender_security:*:*:*:*:*:wordpress:*:* |
Related
prion
prion
Design/Logic Flaw
2023-10-16 20:15:00
nuclei
nuclei
Defender Security < 4.1.0 - Protection Bypass (Hidden Login Page)
2024-03-01 17:18:56
wpexploit
wpexploit
Defender Security < 4.1.0 - Protection Bypass (Hidden Login Page)
2023-09-20 00:00:00
cvelist
cvelist
cve
cve
CVE-2023-5089
2023-10-16 20:15:17
githubexploit
githubexploit
Exploit for CVE-2023-5089
2024-05-24 07:14:55
wpvulndb
wpvulndb
Defender Security < 4.1.0 - Protection Bypass (Hidden Login Page)
2023-09-20 00:00:00
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS
0.002
Percentile
52.6%
Related for NVD:CVE-2023-5089