The Defender Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.6. This is due to missing or incorrect nonce validation on the verify_otp_login_time() function. This makes it possible for unauthenticated attackers to verify a one time log...
CVSS: 4.3
AI Score: 4.2
EPSS: 0.001
Insecure Storage of Sensitive Information vulnerability in WPMU DEV Defender Security allows Screen Temporary Files for Sensitive Information. This issue affects Defender Security: from n/a through 3.3.2.
CVSS: 5
AI Score: 6.8
EPSS: 0.0004
Improper Authentication vulnerability in WPMU DEV Defender Security allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Defender Security: from n/a through 4.2.0.
CVSS: 5.3
AI Score: 7.2
EPSS: 0.0004
The Defender Security WordPress plugin before 4.1.0 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the login page, even when the hide login page functionality of the plugin is enabled.
CVSS: 5.3
AI Score: 5.3
EPSS: 0.002
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPMU DEV Defender Security – Malware Scanner, Login Security & Firewall. This issue affects Defender Security – Malware Scanner, Login Security & Firewall: from n/a through 4.1.0.
CVSS: 7.5
AI Score: 7.6
EPSS: 0.001
Authentication Bypass by Spoofing vulnerability in WPMU DEV Defender Security allows Functionality Bypass. This issue affects Defender Security: from n/a through 4.4.1.
CVSS: 5.3
AI Score: 5.4
EPSS: 0.0004