Vulnerability Details CVE-2024-2473
The WPS Hide Login plugin for WordPress is vulnerable to Login Page Disclosure in all versions up to, and including, 1.9.15.2. This is due to a bypass that is created when the 'action=postpass' parameter is supplied. This makes it possible for attackers to easily discover any login page that may have been hidden by the plugin.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.046
EPSS Ranking 88.8%
CVSS Severity
CVSS v3 Score 5.3
References
- https://plugins.trac.wordpress.org/changeset/3099109/wps-hide-login
- https://www.wordfence.com/threat-intel/vulnerabilities/id/fd21c7d3-a5f1-4c3a-b6ab-0a979f070a62?source=cve
- https://plugins.trac.wordpress.org/changeset/3099109/wps-hide-login
- https://www.wordfence.com/threat-intel/vulnerabilities/id/fd21c7d3-a5f1-4c3a-b6ab-0a979f070a62?source=cve
Products affected by CVE-2024-2473
-
cpe:2.3:a:wpserveur:wps_hide_login:-
-
cpe:2.3:a:wpserveur:wps_hide_login:1.0
-
cpe:2.3:a:wpserveur:wps_hide_login:1.1
-
cpe:2.3:a:wpserveur:wps_hide_login:1.1.1
-
cpe:2.3:a:wpserveur:wps_hide_login:1.1.2
-
cpe:2.3:a:wpserveur:wps_hide_login:1.1.3
-
cpe:2.3:a:wpserveur:wps_hide_login:1.1.4
-
cpe:2.3:a:wpserveur:wps_hide_login:1.1.5
-
cpe:2.3:a:wpserveur:wps_hide_login:1.1.6
-
cpe:2.3:a:wpserveur:wps_hide_login:1.1.7
-
cpe:2.3:a:wpserveur:wps_hide_login:1.2
-
cpe:2.3:a:wpserveur:wps_hide_login:1.2.1
-
cpe:2.3:a:wpserveur:wps_hide_login:1.2.2
-
cpe:2.3:a:wpserveur:wps_hide_login:1.2.3
-
cpe:2.3:a:wpserveur:wps_hide_login:1.2.3.1
-
cpe:2.3:a:wpserveur:wps_hide_login:1.2.4
-
cpe:2.3:a:wpserveur:wps_hide_login:1.2.5
-
cpe:2.3:a:wpserveur:wps_hide_login:1.2.5.1
-
cpe:2.3:a:wpserveur:wps_hide_login:1.2.6
-
cpe:2.3:a:wpserveur:wps_hide_login:1.2.6.1
-
cpe:2.3:a:wpserveur:wps_hide_login:1.2.7
-
cpe:2.3:a:wpserveur:wps_hide_login:1.3
-
cpe:2.3:a:wpserveur:wps_hide_login:1.3.1
-
cpe:2.3:a:wpserveur:wps_hide_login:1.3.2
-
cpe:2.3:a:wpserveur:wps_hide_login:1.3.3
-
cpe:2.3:a:wpserveur:wps_hide_login:1.3.4
-
cpe:2.3:a:wpserveur:wps_hide_login:1.3.4.1
-
cpe:2.3:a:wpserveur:wps_hide_login:1.3.4.2
-
cpe:2.3:a:wpserveur:wps_hide_login:1.4
-
cpe:2.3:a:wpserveur:wps_hide_login:1.4.1
-
cpe:2.3:a:wpserveur:wps_hide_login:1.4.2
-
cpe:2.3:a:wpserveur:wps_hide_login:1.4.3
-
cpe:2.3:a:wpserveur:wps_hide_login:1.4.4
-
cpe:2.3:a:wpserveur:wps_hide_login:1.4.5
-
cpe:2.3:a:wpserveur:wps_hide_login:1.5
-
cpe:2.3:a:wpserveur:wps_hide_login:1.5.1
-
cpe:2.3:a:wpserveur:wps_hide_login:1.5.2
-
cpe:2.3:a:wpserveur:wps_hide_login:1.5.2.1
-
cpe:2.3:a:wpserveur:wps_hide_login:1.5.2.2
-
cpe:2.3:a:wpserveur:wps_hide_login:1.5.3
-
cpe:2.3:a:wpserveur:wps_hide_login:1.5.4
-
cpe:2.3:a:wpserveur:wps_hide_login:1.5.4.1
-
cpe:2.3:a:wpserveur:wps_hide_login:1.5.4.2
-
cpe:2.3:a:wpserveur:wps_hide_login:1.6.1
-
cpe:2.3:a:wpserveur:wps_hide_login:1.9.1
-
cpe:2.3:a:wpserveur:wps_hide_login:1.9.10
-
cpe:2.3:a:wpserveur:wps_hide_login:1.9.11
-
cpe:2.3:a:wpserveur:wps_hide_login:1.9.12
-
cpe:2.3:a:wpserveur:wps_hide_login:1.9.13
-
cpe:2.3:a:wpserveur:wps_hide_login:1.9.13.1
-
cpe:2.3:a:wpserveur:wps_hide_login:1.9.13.2
-
cpe:2.3:a:wpserveur:wps_hide_login:1.9.15
-
cpe:2.3:a:wpserveur:wps_hide_login:1.9.15.1
-
cpe:2.3:a:wpserveur:wps_hide_login:1.9.15.2
-
cpe:2.3:a:wpserveur:wps_hide_login:1.9.2
-
cpe:2.3:a:wpserveur:wps_hide_login:1.9.3
-
cpe:2.3:a:wpserveur:wps_hide_login:1.9.4
-
cpe:2.3:a:wpserveur:wps_hide_login:1.9.5
-
cpe:2.3:a:wpserveur:wps_hide_login:1.9.6
-
cpe:2.3:a:wpserveur:wps_hide_login:1.9.7
-
cpe:2.3:a:wpserveur:wps_hide_login:1.9.8
-
cpe:2.3:a:wpserveur:wps_hide_login:1.9.9