Lucene search
K

24 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 1:11 a.m.6 views

CVE-2022-1595

The HC Custom WP-Admin URL WordPress plugin through 1.4 leaks the secret login URL when sending a specific crafted request...

5.3CVSS6.7AI score0.02621EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:24 p.m.9 views

CVE-2021-24917

The WPS Hide Login WordPress plugin before 1.9.1 has a bug which allows to get the secret login page by setting a random referer string and making a request to /wp-admin/options.php as an unauthenticated user...

7.5CVSS7AI score0.71532EPSS
Exploits5References1
Cvelist
Cvelist
added 2024/06/04 12:38 p.m.35 views

CVE-2023-52147 WordPress All-In-One Security (AIOS) plugin <= 5.2.4 - Secret Login Page Location Disclosure on Multisites vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in All In One WP Security & Firewall Team All In One WP Security & Firewall allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects All In One WP Security & Firewall: from n/a through 5.2.4...

3.7CVSS4.2AI score0.00322EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/06/04 11:24 a.m.25 views

CVE-2023-49822 WordPress Ultimate Dashboard plugin <= 3.7.10 - Secret Login Page Location Disclosure on Multisites vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in David Vongries Ultimate Dashboard allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Ultimate Dashboard: from n/a through 3.7.10...

3.7CVSS4.2AI score0.00303EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/06/04 11:24 a.m.13 views

CVE-2023-49822 WordPress Ultimate Dashboard plugin <= 3.7.10 - Secret Login Page Location Disclosure on Multisites vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in David Vongries Ultimate Dashboard allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Ultimate Dashboard: from n/a through 3.7.10...

3.7CVSS6.8AI score0.00303EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/06/04 11:7 a.m.22 views

CVE-2023-49748 WordPress WPS Hide Login plugin <= 1.9.11 - Secret Login Page Location Disclosure on Multisites vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPServeur, NicolasKulka, wpformation WPS Hide Login allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPS Hide Login: from n/a through 1.9.11...

3.7CVSS6.8AI score0.00303EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/06/04 10:40 a.m.15 views

CVE-2023-48335 WordPress Hide login page plugin <= 1.1.9 - Secret Login Page Location Disclosure on Multisites vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Webcraftic Hide login page allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Hide login page: from n/a through 1.1.9...

3.7CVSS6.8AI score0.00303EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/06/04 10:8 a.m.29 views

CVE-2023-47818 WordPress LWS Hide Login plugin <= 2.1.8 - Secret Login Page Location Disclosure on Multisites vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in LWS LWS Hide Login allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects LWS Hide Login: from n/a through 2.1.8...

3.7CVSS4.2AI score0.00303EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/07/27 12:0 a.m.10 views

Change WP Admin < 1.1.4 - Secret Login Page Disclosure

Description The plugin discloses the URL of the hidden login page when accessing a crafted URL, bypassing the protection offered. PoC - Set custom Login URL under "Settings Permalinks". For example, login - As an unauthenticated visitor, open https://example.com/wp-admin/customize.php in a...

7.5CVSS6.5AI score0.00692EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2023/07/27 12:0 a.m.137 views

Change WP Admin < 1.1.4 - Secret Login Page Disclosure

Description The plugin discloses the URL of the hidden login page when accessing a crafted URL, bypassing the protection offered. - Set custom Login URL under "Settings Permalinks". For example, login - As an unauthenticated visitor, open https://example.com/wp-admin/customize.php in a different...

7.5CVSS6.8AI score0.00692EPSS
Exploits2
ATTACKERKB
ATTACKERKB
added 2022/07/11 1:15 p.m.7 views

CVE-2022-1732

The Rename wp-login.php WordPress plugin through 2.6.0 does not have CSRF check in place when updating the secret login URL, which could allow attackers to make a logged in admin change them via a CSRF attack...

6.5CVSS5.8AI score0.00475EPSS
Exploits2References2
NVD
NVD
added 2022/07/11 1:15 p.m.15 views

CVE-2022-1732

The Rename wp-login.php WordPress plugin through 2.6.0 does not have CSRF check in place when updating the secret login URL, which could allow attackers to make a logged in admin change them via a CSRF attack...

6.5CVSS0.00475EPSS
Exploits2References1
OSV
OSV
added 2022/07/11 1:15 p.m.3 views

CVE-2022-1732

The Rename wp-login.php WordPress plugin through 2.6.0 does not have CSRF check in place when updating the secret login URL, which could allow attackers to make a logged in admin change them via a CSRF attack...

6.5CVSS5.8AI score0.00475EPSS
Exploits2References1
OSV
OSV
added 2022/06/13 1:15 p.m.6 views

CVE-2022-1595

The HC Custom WP-Admin URL WordPress plugin through 1.4 leaks the secret login URL when sending a specific crafted request...

5.3CVSS5.8AI score0.02621EPSS
Exploits2References1
NVD
NVD
added 2022/06/13 1:15 p.m.27 views

CVE-2022-1595

The HC Custom WP-Admin URL WordPress plugin through 1.4 leaks the secret login URL when sending a specific crafted request...

5.3CVSS0.02621EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2022/06/13 1:15 p.m.5 views

CVE-2022-1595

The HC Custom WP-Admin URL WordPress plugin through 1.4 leaks the secret login URL when sending a specific crafted request...

5.3CVSS6AI score0.02621EPSS
Exploits2References3
Prion
Prion
added 2022/06/13 1:15 p.m.24 views

Cross site request forgery (csrf)

The HC Custom WP-Admin URL WordPress plugin through 1.4 leaks the secret login URL when sending a specific crafted request...

5CVSS5.2AI score0.02621EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2022/06/13 12:0 a.m.3 views

WordPress plugin HC Custom WP-Admin URL 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An information disclosure...

5.3CVSS5.7AI score0.02621EPSS
Exploits2References2
OSV
OSV
added 2021/12/06 4:15 p.m.3 views

CVE-2021-24917

The WPS Hide Login WordPress plugin before 1.9.1 has a bug which allows to get the secret login page by setting a random referer string and making a request to /wp-admin/options.php as an unauthenticated user...

7.5CVSS7.2AI score
Exploits0References2
Prion
Prion
added 2021/12/06 4:15 p.m.39 views

Design/Logic Flaw

The WPS Hide Login WordPress plugin before 1.9.1 has a bug which allows to get the secret login page by setting a random referer string and making a request to /wp-admin/options.php as an unauthenticated user...

5CVSS7.5AI score0.71532EPSS
Exploits5References2Affected Software1
Rows per page
Query Builder