The WP Hardening – Fix Your WordPress Security plugin for WordPress is vulnerable to Security Feature Bypass in all versions up to, and including, 1.2.6. This is due to use of an incorrect regular expression within the "Stop User Enumeration" feature. This makes it possible for unauthenticated attackers to bypass intended security restrictions and expose site usernames.
References
Configurations
History
25 Sep 2024, 19:07
Type | Values Removed | Values Added |
---|---|---|
References | () https://plugins.trac.wordpress.org/changeset/3151308/wp-security-hardening - Patch | |
References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/7a52a278-1729-4027-8a00-e9804fa6698b?source=cve - Third Party Advisory | |
First Time |
Getastra
Getastra wp Hardening |
|
CPE | cpe:2.3:a:getastra:wp_hardening:*:*:*:*:*:wordpress:*:* | |
CWE | CWE-697 |
20 Sep 2024, 12:30
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
18 Sep 2024, 06:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-18 06:15
Updated : 2024-09-25 19:07
NVD link : CVE-2024-6641
Mitre link : CVE-2024-6641
CVE.ORG link : CVE-2024-6641
JSON object : View
Products Affected
getastra
- wp_hardening