The WPS Hide Login WordPress plugin before 1.9.16.4 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the hidden login page.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/fd6d0362-df1d-4416-b8b5-6e5d0ce84793/ | Exploit Third Party Advisory |
Configurations
History
16 Jul 2024, 18:08
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
CPE | cpe:2.3:a:wpserveur:wps_hide_login:*:*:*:*:*:wordpress:*:* | |
First Time |
Wpserveur wps Hide Login
Wpserveur |
|
CWE | CWE-601 | |
References | () https://wpscan.com/vulnerability/fd6d0362-df1d-4416-b8b5-6e5d0ce84793/ - Exploit, Third Party Advisory |
15 Jul 2024, 13:00
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
15 Jul 2024, 06:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-07-15 06:15
Updated : 2024-07-16 18:08
NVD link : CVE-2024-6289
Mitre link : CVE-2024-6289
CVE.ORG link : CVE-2024-6289
JSON object : View
Products Affected
wpserveur
- wps_hide_login
CWE
CWE-601
URL Redirection to Untrusted Site ('Open Redirect')