Lucene search
+L

14 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 7:24 p.m.9 views

CVE-2021-24917

The WPS Hide Login WordPress plugin before 1.9.1 has a bug which allows to get the secret login page by setting a random referer string and making a request to /wp-admin/options.php as an unauthenticated user...

7.5CVSS7AI score0.71532EPSS
Exploits5References1
Cvelist
Cvelist
added 2024/06/04 12:38 p.m.38 views

CVE-2023-52147 WordPress All-In-One Security (AIOS) plugin <= 5.2.4 - Secret Login Page Location Disclosure on Multisites vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in All In One WP Security & Firewall Team All In One WP Security & Firewall allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects All In One WP Security & Firewall: from n/a through 5.2.4...

3.7CVSS4.2AI score0.00322EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/06/04 11:24 a.m.13 views

CVE-2023-49822 WordPress Ultimate Dashboard plugin <= 3.7.10 - Secret Login Page Location Disclosure on Multisites vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in David Vongries Ultimate Dashboard allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Ultimate Dashboard: from n/a through 3.7.10...

3.7CVSS6.8AI score0.00303EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/06/04 11:24 a.m.29 views

CVE-2023-49822 WordPress Ultimate Dashboard plugin <= 3.7.10 - Secret Login Page Location Disclosure on Multisites vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in David Vongries Ultimate Dashboard allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Ultimate Dashboard: from n/a through 3.7.10...

3.7CVSS4.2AI score0.00303EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/06/04 11:7 a.m.23 views

CVE-2023-49748 WordPress WPS Hide Login plugin <= 1.9.11 - Secret Login Page Location Disclosure on Multisites vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPServeur, NicolasKulka, wpformation WPS Hide Login allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPS Hide Login: from n/a through 1.9.11...

3.7CVSS6.8AI score0.00303EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/06/04 10:40 a.m.15 views

CVE-2023-48335 WordPress Hide login page plugin <= 1.1.9 - Secret Login Page Location Disclosure on Multisites vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Webcraftic Hide login page allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Hide login page: from n/a through 1.1.9...

3.7CVSS6.8AI score0.00303EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/06/04 10:8 a.m.32 views

CVE-2023-47818 WordPress LWS Hide Login plugin <= 2.1.8 - Secret Login Page Location Disclosure on Multisites vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in LWS LWS Hide Login allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects LWS Hide Login: from n/a through 2.1.8...

3.7CVSS4.2AI score0.00303EPSS
Exploits0References1
wpexploit
wpexploit
added 2023/07/27 12:0 a.m.140 views

Change WP Admin < 1.1.4 - Secret Login Page Disclosure

Description The plugin discloses the URL of the hidden login page when accessing a crafted URL, bypassing the protection offered. - Set custom Login URL under "Settings Permalinks". For example, login - As an unauthenticated visitor, open https://example.com/wp-admin/customize.php in a different...

7.5CVSS6.8AI score0.00692EPSS
Exploits2
OSV
OSV
added 2021/12/06 4:15 p.m.4 views

CVE-2021-24917

The WPS Hide Login WordPress plugin before 1.9.1 has a bug which allows to get the secret login page by setting a random referer string and making a request to /wp-admin/options.php as an unauthenticated user...

7.5CVSS7.2AI score
Exploits0References2
Prion
Prion
added 2021/12/06 4:15 p.m.41 views

Design/Logic Flaw

The WPS Hide Login WordPress plugin before 1.9.1 has a bug which allows to get the secret login page by setting a random referer string and making a request to /wp-admin/options.php as an unauthenticated user...

5CVSS7.5AI score0.71532EPSS
Exploits5References2Affected Software1
CNNVD
CNNVD
added 2021/12/06 12:0 a.m.30 views

WordPress 插件 安全漏洞

WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on PHP and MySQL servers. WordPress WPS Hide Login plugin has an authorization issue vulnerability in versions prior to 1.9.1, which ste...

7.5CVSS5.6AI score0.71532EPSS
Exploits5References2
WPVulnDB
WPVulnDB
added 2021/10/27 12:0 a.m.39 views

WPS Hide Login < 1.9.1 - Protection Bypass with Referer-Header

The plugin has a bug which allows to get the secret login page by setting a random referer string and making a request to /wp-admin/options.php as an unauthenticated user. PoC curl --referer "something" -sIXGET https://example.com/wp-admin/options.php HTTP/2 302 ... location:...

0.5AI score0.71532EPSS
Exploits5References1Affected Software1
WPVulnDB
WPVulnDB
added 2020/01/27 12:0 a.m.19 views

WPS Hide Login < 1.5.5 - Secret Login Page Disclosure

fixed a vulnerability in version 1.5.4.2 and below that could allow an attacker to find and access the secret login page...

3.7AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2020/01/27 12:0 a.m.9 views

WordPress WPS Hide Login plugin <= 1.5.4.2 - Secret login page location disclosure vulnerability

Secret login page location disclosure vulnerability found by Jerome Bruandet in WordPress WPS Hide Login plugin versions = 1.5.4.2. Solution Update the WordPress WPS Hide Login plugin to the latest available version at least 1.5.5...

1.6AI score
Exploits0References1Affected Software1
Rows per page
Query Builder