Описание
The Defender Security WordPress plugin before 4.1.0 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the login page, even when the hide login page functionality of the plugin is enabled.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 4.1.0 (исключая)
cpe:2.3:a:wpmudev:defender_security:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 99%
0.8
Высокий
5.3 Medium
CVSS3
Дефекты
Связанные уязвимости
CVSS3: 5.3
github
больше 2 лет назад
The Defender Security WordPress plugin before 4.1.0 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the login page, even when the hide login page functionality of the plugin is enabled.
EPSS
Процентиль: 99%
0.8
Высокий
5.3 Medium
CVSS3