WPS Hide Login <= 1.9.15.2 - Login Page Disclosure

The WPS Hide Login plugin for WordPress is vulnerable to Login Page Disclosure in all versions up to, and including, 1.9.15.2. This is due to a bypass that is created when the 'action=postpass' parameter is supplied. This makes it possible for attackers to easily discover any login page that may...

CVE-2024-2473

creationtimestamp| type| source ---|---|--- 2025-05-15 07:24:21+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2024/CVE-2024-2473.yaml 2025-05-15 21:02:28+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3lpafxtmgqd2a 2026-01-27...

CVE-2024-2473

The WPS Hide Login plugin for WordPress is vulnerable to Login Page Disclosure in all versions up to, and including, 1.9.15.2. This is due to a bypass that is created when the 'action=postpass' parameter is supplied. This makes it possible for attackers to easily discover any login page that may...

CVE-2024-2473 WPS Hide Login <= 1.9.15.2 - Login Page Disclosure

The WPS Hide Login plugin for WordPress is vulnerable to Login Page Disclosure in all versions up to, and including, 1.9.15.2. This is due to a bypass that is created when the 'action=postpass' parameter is supplied. This makes it possible for attackers to easily discover any login page that may...

CVE-2024-2473

CVE-2024-2473 : The WordPress plugin WPS Hide Login is vulnerable to a Login Page Disclosure in all versions up to and including 1.9.15.2 due to a bypass triggered when the query parameter action=postpass is supplied. This bypass allows unauthenticated attackers to discover the actual hidden logi...

WordPress WPS Hide Login Plugin <= 1.9.15.2 is vulnerable to Bypass Vulnerability

Software WPS Hide Login Type Plugin Vulnerable versions = 1.9.15.2 Fixed in 1.9.16 OWASP Top 10 A1: Broken Access Control Classification Bypass Vulnerability CVE CVE-2024-2473 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 6dff27358fc5 Credits Nicholas Mun Required...