CVE-2024-6289 WPS Hide Login < 1.9.16.4 - Hidden Login Page Disclosure

2024-07-1506:00:06

WPScan

github.com

cve-2024-6289

wps hide login

wordpress plugin

hidden login page

auth_redirect

unauthenticated visitor

AI Score

Confidence

High

SSVC

Exploitation

poc

Automatable

Technical Impact

partial

JSON

The WPS Hide Login WordPress plugin before 1.9.16.4 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the hidden login page.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:wpserveur:wps_hide_login:-:*:*:*:*:wordpress:*:*"
    ],
    "vendor": "wpserveur",
    "product": "wps_hide_login",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "1.9.16.4",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unknown"
  }
]