CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-36917

WordPress Hide My WP plugin (versions <= 6.2.3) can be deactivated by any unauthenticated user. It is possible to retrieve a reset token which can then be used to deactivate the plugin.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.013

EPSS Ranking 78.7%

CVSS Severity

CVSS v3 Score 6.5

CVSS v2 Score 5.0

References

https://codecanyon.net/item/hide-my-wp-amazing-security-plugin-for-wordpress/4177158
https://patchstack.com/database/vulnerability/hide-my-wp/wordpress-hide-my-wp-premium-plugin-6-2-3-unauthenticated-plugin-deactivation-vulnerability
https://patchstack.com/hide-my-wp-vulnerabilities-fixed/
https://codecanyon.net/item/hide-my-wp-amazing-security-plugin-for-wordpress/4177158
https://patchstack.com/database/vulnerability/hide-my-wp/wordpress-hide-my-wp-premium-plugin-6-2-3-unauthenticated-plugin-deactivation-vulnerability
https://patchstack.com/hide-my-wp-vulnerabilities-fixed/

Products affected by CVE-2021-36917

Wpwave » Hide My Wp » Version: 6.2.3

cpe:2.3:a:wpwave:hide_my_wp:6.2.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-36917

Products

Pricing

Contact Us