20 matches found
CVE-2024-6420
The Hide My WP Ghost WordPress plugin before 5.2.02 does not prevent redirects to the login page via the authredirect WordPress function, allowing an unauthenticated visitor to access the hidden login page...
CVE-2023-3604
The Change WP Admin Login WordPress plugin before 1.1.4 discloses the URL of the hidden login page when accessing a crafted URL, bypassing the protection offered...
CVE-2024-13794
The WP Ghost Hide My WP Ghost – Security & Firewall plugin for WordPress is vulnerable to Login Page Dislcosure in all versions up to, and including, 5.3.02. This is due to the plugin not properly restricting the /wp-register.php path. This makes it possible for unauthenticated attackers to...
CVE-2024-6420
The Hide My WP Ghost WordPress plugin before 5.2.02 does not prevent redirects to the login page via the authredirect WordPress function, allowing an unauthenticated visitor to access the hidden login page...
CVE-2024-6420 Hide My WP Ghost < 5.2.02 - Hidden Login Page Disclosure
The Hide My WP Ghost WordPress plugin before 5.2.02 does not prevent redirects to the login page via the authredirect WordPress function, allowing an unauthenticated visitor to access the hidden login page...
CVE-2024-6420
The CVE-2024-6420 entry concerns the WordPress plugin Hide My WP Ghost before 5.2.02. The root cause is that redirects to the login page via WordPress auth_redirect are not blocked by the plugin, allowing an unauthenticated user to access the hidden login page. Impact is unauthenticated disclosur...
PT-2024-37613 · WordPress · Hide My Wp Ghost
Name of the Vulnerable Software and Affected Versions: Hide My WP Ghost WordPress plugin versions prior to 5.2.02 Description: The issue allows an unauthenticated visitor to access the hidden login page due to the plugin not preventing redirects to the login page via the auth redirect WordPress...
WordPress WPS Hide Login plugin < 1.9.16.4 - Hidden Login Page Disclosure vulnerability
Hidden Login Page Disclosure vulnerability discovered by Juan Pablo Gomez Postigo in WordPress Plugin WPS Hide Login versions 1.9.16.4...
CVE-2024-6289
The WPS Hide Login WordPress plugin before 1.9.16.4 does not prevent redirects to the login page via the authredirect WordPress function, allowing an unauthenticated visitor to access the hidden login page...
CVE-2024-6289 WPS Hide Login < 1.9.16.4 - Hidden Login Page Disclosure
The WPS Hide Login WordPress plugin before 1.9.16.4 does not prevent redirects to the login page via the authredirect WordPress function, allowing an unauthenticated visitor to access the hidden login page...
CVE-2024-6289
The CVE-2024-6289 entry concerns the WordPress plugin WPS Hide Login (versions prior to 1.9.16.4). The root cause is improper handling of redirects via the auth_redirect function, allowing an unauthenticated visitor to access the hidden login page. Affected component: the plugin’s login/page redi...
CVE-2024-6289 WPS Hide Login < 1.9.16.4 - Hidden Login Page Disclosure
The WPS Hide Login WordPress plugin before 1.9.16.4 does not prevent redirects to the login page via the authredirect WordPress function, allowing an unauthenticated visitor to access the hidden login page...
PT-2024-37516 · WordPress · Wps Hide Login
Name of the Vulnerable Software and Affected Versions: WPS Hide Login WordPress plugin versions prior to 1.9.16.4 Description: The issue allows an unauthenticated visitor to access the hidden login page due to the plugin not preventing redirects to the login page via the auth redirect WordPress...
Defender Security < 4.1.0 - Protection Bypass (Hidden Login Page)
Description The plugin does not prevent redirects to the login page via the authredirect WordPress function, allowing an unauthenticated visitor to access the login page, even when the hide login page functionality of the plugin is enabled. Example using GravityForms to redirect to the login page...
CVE-2023-3604
The Change WP Admin Login WordPress plugin before 1.1.4 discloses the URL of the hidden login page when accessing a crafted URL, bypassing the protection offered...
CVE-2023-3604
CVE-2023-3604 affects the Change WP Admin Login WordPress plugin prior to version 1.1.4. The vulnerability arises from disclosing the URL of the hidden login page when a crafted URL is accessed, bypassing the plugin’s protection mechanism. Impact, as stated in multiple sources, is that an unauthe...
CVE-2023-3604 Change WP Admin < 1.1.4 - Secret Login Page Disclosure
The Change WP Admin Login WordPress plugin before 1.1.4 discloses the URL of the hidden login page when accessing a crafted URL, bypassing the protection offered...
WordPress plugin Change WP Admin Login 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...
All In One WP Security & Firewall <= 4.4.1 - Open Redirect & Hidden Login Page Exposure
The All In One WP Security & Firewall plugin suffers from open redirect and exposure of the actual URL of the "hidden login page" feature. Edit WPScanTeam October 3rd, 2019 - Email sent to dev via https://wpsolutions-hq.com/contact/ October 8th - Dev ACK & investigating it October 8th - v4.4.2...
All In One WP Security & Firewall <= 4.4.1 - Open Redirect & Hidden Login Page Exposure
The All In One WP Security & Firewall plugin suffers from open redirect and exposure of the actual URL of the "hidden login page" feature. Edit WPScanTeam October 3rd, 2019 - Email sent to dev via https://wpsolutions-hq.com/contact/ October 8th - Dev ACK & investigating it October 8th - v4.4.2...