Vulnerability Details CVE-2024-13794
The WP Ghost (Hide My WP Ghost) – Security & Firewall plugin for WordPress is vulnerable to Login Page Dislcosure in all versions up to, and including, 5.3.02. This is due to the plugin not properly restricting the /wp-register.php path. This makes it possible for unauthenticated attackers to discover the hidden login page location.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 21.5%
CVSS Severity
CVSS v3 Score 5.3
References
Products affected by CVE-2024-13794
-
cpe:2.3:a:wpplugins:hide_my_wp_ghost:-
-
cpe:2.3:a:wpplugins:hide_my_wp_ghost:4.0.11
-
cpe:2.3:a:wpplugins:hide_my_wp_ghost:4.1.11
-
cpe:2.3:a:wpplugins:hide_my_wp_ghost:5.0.26
-
cpe:2.3:a:wpplugins:hide_my_wp_ghost:5.0.27
-
cpe:2.3:a:wpplugins:hide_my_wp_ghost:5.0.28
-
cpe:2.3:a:wpplugins:hide_my_wp_ghost:5.0.29
-
cpe:2.3:a:wpplugins:hide_my_wp_ghost:5.1.01
-
cpe:2.3:a:wpplugins:hide_my_wp_ghost:5.1.02
-
cpe:2.3:a:wpplugins:hide_my_wp_ghost:5.1.03
-
cpe:2.3:a:wpplugins:hide_my_wp_ghost:5.2.01
-
cpe:2.3:a:wpplugins:hide_my_wp_ghost:5.2.02
-
cpe:2.3:a:wpplugins:hide_my_wp_ghost:5.2.03
-
cpe:2.3:a:wpplugins:hide_my_wp_ghost:5.2.04
-
cpe:2.3:a:wpplugins:hide_my_wp_ghost:5.3.00
-
cpe:2.3:a:wpplugins:hide_my_wp_ghost:5.3.01
-
cpe:2.3:a:wpplugins:hide_my_wp_ghost:5.3.02