CVE-2021-24917

The WPS Hide Login WordPress plugin before 1.9.1 has a bug which allows to get the secret login page by setting a random referer string and making a request to /wp-admin/options.php as an unauthenticated user...

WordPress WPS Hide Login Login Page Revealer

This module exploits a bypass issue with WPS Hide Login version use auxiliary/scanner/http/wpwpshideloginrevealer msf auxiliarywpwpshideloginrevealer show actions ...actions... msf auxiliarywpwpshideloginrevealer set ACTION msf auxiliarywpwpshideloginrevealer show options ...show and set options...

CVE-2021-24917

creationtimestamp| type| source ---|---|--- 2021-12-06 18:20:50+00:00| seen| https://t.me/cibsecurity/33379 2021-12-15 23:35:23+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/wpwpshideloginrevealer.rb 2025-02-06 03:13:45+00:00| seen|...

CVE-2021-24917

Affected software/versions: WordPress WPS Hide Login plugin earlier than 1.9.1. Issue: Incorrect authorization allows unauthenticated users to discover the secret login page by crafting a request to /wp-admin/options.php with a random referer. This results in information disclosure (secret login ...

CVE-2021-24917 WPS Hide Login < 1.9.1 - Protection Bypass with Referer-Header

The WPS Hide Login WordPress plugin before 1.9.1 has a bug which allows to get the secret login page by setting a random referer string and making a request to /wp-admin/options.php as an unauthenticated user...