CVE-2024-6289: WPS Hide Login Auth Bypass Vulnerability
Platform
wordpress
Component
wps-hide-login
Fixed in
1.9.16.4
CVE-2024-6289 is an authentication bypass vulnerability affecting the WPS Hide Login WordPress plugin. This flaw allows unauthenticated users to bypass the intended login page redirection and access the hidden login page. This impacts versions 0 through 1.9.16.4 of the plugin. The vulnerability is fixed in version 1.9.16.4.
How to fix
Actualice el plugin WPS Hide Login a la versión 1.9.16.4 o superior. Esto solucionará la vulnerabilidad que permite el acceso no autenticado a la página de inicio de sesión oculta. Puede actualizar el plugin directamente desde el panel de administración de WordPress.
Frequently asked questions
What is CVE-2024-6289?
CVE-2024-6289 is an authentication bypass vulnerability in the WPS Hide Login WordPress plugin that allows unauthorized access to the hidden login page.
Am I affected by CVE-2024-6289?
You are affected if you are using WPS Hide Login WordPress plugin versions 0 up to and including 1.9.16.4. Update to the latest version to mitigate this vulnerability.
How do I fix CVE-2024-6289?
To fix CVE-2024-6289, update your WPS Hide Login WordPress plugin to version 1.9.16.4 or later. This version contains the necessary patch to prevent unauthorized access.
Monitor your dependencies automatically
Get notified when new vulnerabilities affect your projects. Free forever.
Start free