CVE-2024-6420

The Hide My WP Ghost WordPress plugin before 5.2.02 does not prevent redirects to the login page via the authredirect WordPress function, allowing an unauthenticated visitor to access the hidden login page...

CVE-2023-3604

The Change WP Admin Login WordPress plugin before 1.1.4 discloses the URL of the hidden login page when accessing a crafted URL, bypassing the protection offered...

CVE-2024-13794

The WP Ghost Hide My WP Ghost – Security & Firewall plugin for WordPress is vulnerable to Login Page Dislcosure in all versions up to, and including, 5.3.02. This is due to the plugin not properly restricting the /wp-register.php path. This makes it possible for unauthenticated attackers to...

PT-2025-6451 · WordPress · Wp Ghost

Name of the Vulnerable Software and Affected Versions: The WP Ghost Hide My WP Ghost – Security & Firewall plugin for WordPress versions up to, and including, 5.3.02 Description: The issue is due to the plugin not properly restricting the "/wp-register.php" path, making it possible for...

WordPress Hide My WP Ghost plugin < 5.2.02 - Hidden Login Page Disclosure vulnerability

Hidden Login Page Disclosure vulnerability discovered by Juan Pablo Gomez Postigo in WordPress Plugin Hide My WP Ghost versions 5.2.02...

CVE-2024-6420

The Hide My WP Ghost WordPress plugin before 5.2.02 does not prevent redirects to the login page via the authredirect WordPress function, allowing an unauthenticated visitor to access the hidden login page...

CVE-2024-6420

The CVE-2024-6420 entry concerns the WordPress plugin Hide My WP Ghost before 5.2.02. The root cause is that redirects to the login page via WordPress auth_redirect are not blocked by the plugin, allowing an unauthenticated user to access the hidden login page. Impact is unauthenticated disclosur...

CVE-2024-6420 Hide My WP Ghost < 5.2.02 - Hidden Login Page Disclosure

The Hide My WP Ghost WordPress plugin before 5.2.02 does not prevent redirects to the login page via the authredirect WordPress function, allowing an unauthenticated visitor to access the hidden login page...

PT-2024-37613 · WordPress · Hide My Wp Ghost

Name of the Vulnerable Software and Affected Versions: Hide My WP Ghost WordPress plugin versions prior to 5.2.02 Description: The issue allows an unauthenticated visitor to access the hidden login page due to the plugin not preventing redirects to the login page via the auth redirect WordPress...

WordPress WPS Hide Login plugin < 1.9.16.4 - Hidden Login Page Disclosure vulnerability

Hidden Login Page Disclosure vulnerability discovered by Juan Pablo Gomez Postigo in WordPress Plugin WPS Hide Login versions 1.9.16.4...

CVE-2024-6289

The WPS Hide Login WordPress plugin before 1.9.16.4 does not prevent redirects to the login page via the authredirect WordPress function, allowing an unauthenticated visitor to access the hidden login page...

CVE-2024-6289

The CVE-2024-6289 entry concerns the WordPress plugin WPS Hide Login (versions prior to 1.9.16.4). The root cause is improper handling of redirects via the auth_redirect function, allowing an unauthenticated visitor to access the hidden login page. Affected component: the plugin’s login/page redi...

CVE-2024-6289 WPS Hide Login < 1.9.16.4 - Hidden Login Page Disclosure

The WPS Hide Login WordPress plugin before 1.9.16.4 does not prevent redirects to the login page via the authredirect WordPress function, allowing an unauthenticated visitor to access the hidden login page...

CVE-2024-6289 WPS Hide Login < 1.9.16.4 - Hidden Login Page Disclosure

The WPS Hide Login WordPress plugin before 1.9.16.4 does not prevent redirects to the login page via the authredirect WordPress function, allowing an unauthenticated visitor to access the hidden login page...

PT-2024-37516 · WordPress · Wps Hide Login

Name of the Vulnerable Software and Affected Versions: WPS Hide Login WordPress plugin versions prior to 1.9.16.4 Description: The issue allows an unauthenticated visitor to access the hidden login page due to the plugin not preventing redirects to the login page via the auth redirect WordPress...

CVE-2024-2473

The WPS Hide Login plugin for WordPress is vulnerable to Login Page Disclosure in all versions up to, and including, 1.9.15.2. This is due to a bypass that is created when the 'action=postpass' parameter is supplied. This makes it possible for attackers to easily discover any login page that may...

Defender Security < 4.1.0 - Protection Bypass (Hidden Login Page)

Description The plugin does not prevent redirects to the login page via the authredirect WordPress function, allowing an unauthenticated visitor to access the login page, even when the hide login page functionality of the plugin is enabled. Example using GravityForms to redirect to the login page...

CVE-2023-3604

The Change WP Admin Login WordPress plugin before 1.1.4 discloses the URL of the hidden login page when accessing a crafted URL, bypassing the protection offered...

CVE-2023-3604

The Change WP Admin Login WordPress plugin before 1.1.4 discloses the URL of the hidden login page when accessing a crafted URL, bypassing the protection offered...

CVE-2023-3604

CVE-2023-3604 affects the Change WP Admin Login WordPress plugin prior to version 1.1.4. The vulnerability arises from disclosing the URL of the hidden login page when a crafted URL is accessed, bypassing the plugin’s protection mechanism. Impact, as stated in multiple sources, is that an unauthe...