Описание
The WPS Hide Login plugin for WordPress is vulnerable to Login Page Disclosure in all versions up to, and including, 1.9.15.2. This is due to a bypass that is created when the 'action=postpass' parameter is supplied. This makes it possible for attackers to easily discover any login page that may have been hidden by the plugin.
Ссылки
- Patch
- Third Party Advisory
- Patch
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.9.16 (исключая)
cpe:2.3:a:wpserveur:wps_hide_login:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 91%
0.07274
Низкий
5.3 Medium
CVSS3
Дефекты
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 5.3
github
больше 1 года назад
The WPS Hide Login plugin for WordPress is vulnerable to Login Page Disclosure in all versions up to, and including, 1.9.15.2. This is due to a bypass that is created when the 'action=postpass' parameter is supplied. This makes it possible for attackers to easily discover any login page that may have been hidden by the plugin.
EPSS
Процентиль: 91%
0.07274
Низкий
5.3 Medium
CVSS3
Дефекты
NVD-CWE-noinfo