UNKNOWNCVE-2024-2473
WPS Hide Login <= 1.9.15.2 - Login Page Disclosure
Platform
wordpress
Component
wps-hide-login
The WPS Hide Login plugin for WordPress is vulnerable to Login Page Disclosure in all versions up to, and including, 1.9.15.2. This is due to a bypass that is created when the 'action=postpass' parameter is supplied. This makes it possible for attackers to easily discover any login page that may have been hidden by the plugin.
How to fix
Actualice el plugin WPS Hide Login a la última versión disponible. La vulnerabilidad se encuentra en versiones anteriores o iguales a 1.9.15.2. La actualización corregirá el problema de divulgación de la página de inicio de sesión.
Monitor your dependencies automatically
Get notified when new vulnerabilities affect your projects. Free forever.
Start free