Описание
The WPS Hide Login plugin for WordPress is vulnerable to login page disclosure even when the settings of the plugin are set to hide the login page making it possible for unauthenticated attackers to brute force credentials on sites in versions up to, and including, 1.5.4.2.
Ссылки
- Exploit
- Third Party Advisory
- Exploit
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.5.4.2 (включая)
cpe:2.3:a:wpserveur:wps_hide_login:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 64%
0.00467
Низкий
5.3 Medium
CVSS3
7.5 High
CVSS3
Дефекты
CWE-863
Связанные уязвимости
CVSS3: 5.3
github
больше 2 лет назад
The WPS Hide Login plugin for WordPress is vulnerable to login page disclosure even when the settings of the plugin are set to hide the login page making it possible for unauthenticated attackers to brute force credentials on sites in versions up to, and including, 1.5.4.2.
EPSS
Процентиль: 64%
0.00467
Низкий
5.3 Medium
CVSS3
7.5 High
CVSS3
Дефекты
CWE-863