5 matches found
WPS Hide Login < 1.9.16.4 - Hidden Login Page Disclosure
The WPS Hide Login WordPress plugin before 1.9.16.4 does not prevent redirects to the login page via the authredirect WordPress function, allowing an unauthenticated visitor to access the hidden login page. id: CVE-2024-6289 info: name: WPS Hide Login 1.9.16.4 - Hidden Login Page Disclosure autho...
CVE-2024-6289 WPS Hide Login < 1.9.16.4 - Hidden Login Page Disclosure
The WPS Hide Login WordPress plugin before 1.9.16.4 does not prevent redirects to the login page via the authredirect WordPress function, allowing an unauthenticated visitor to access the hidden login page...
CVE-2024-6289 WPS Hide Login < 1.9.16.4 - Hidden Login Page Disclosure
The WPS Hide Login WordPress plugin before 1.9.16.4 does not prevent redirects to the login page via the authredirect WordPress function, allowing an unauthenticated visitor to access the hidden login page...
CVE-2024-6289
The CVE-2024-6289 entry concerns the WordPress plugin WPS Hide Login (versions prior to 1.9.16.4). The root cause is improper handling of redirects via the auth_redirect function, allowing an unauthenticated visitor to access the hidden login page. Affected component: the plugin’s login/page redi...
WordPress WPS Hide Login Plugin < 1.9.16.4 is vulnerable to Bypass Vulnerability
Software WPS Hide Login Type Plugin Vulnerable versions 1.9.16.4 Fixed in 1.9.16.4 OWASP Top 10 A4: Insecure Design Classification Bypass Vulnerability CVE CVE-2024-6289 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID f53af1c9d210 Credits Juan Pablo Gomez Postigo Required...